The NASA STI Program Office ... in Profile


Since its founding, NASA has been dedicated to 
the advancement of aeronautics and space 
science. The NASA Scientific and Technical 
Information (STI) Program Office plays a key 
part in helping NASA maintain this important 
role. 

The NASA STI Program Office is operated by 
Langley Research Center, the lead center for 
NASA’s scientific and technical information. The 
NASA STI Program Office provides access to the 
NASA STI Database, the largest collection of 
aeronautical and space science STI in the world. 
The Program Office is also NASA’s institutional 
mechanism for disseminating the results of its 
• TECHNICAL MEMORANDUM.
technical findings by NASA-sponsored
contractors and grantees.
Collected papers from scientific and
NASA programs, projects, and missions,
Program Office’s diverse offerings include
creating custom thesauri, building customized

Introduction


Fault tree analysis is a top-down approach to the identification of process hazards. It is touted as one 
of the best methods for systematically identifying and graphically displaying the many ways 
something can go wrong. This bibliography contains references to documents in the NASA 
Scientific and Technical Information (STI) Database. The selections are based on the major concepts 
and other NASA Thesaurus terms, including ’reliability analysis.’ An abstract is included with most 
citations. 

Items are first categorized by 10 major subject divisions, then further divided into 76 specific subject 
categories, based on the NASA Scope and Subject Category Guide. The subject divisions and 
categories are listed in the Table of Contents together with a note for each that defines its scope and 
provides any cross-references. 

Two indexes, Subject Term and Personal Author, are also included. The Subject Term Index is
generated from the NASA Thesaurus terms associated and listed with each document. 

You may order one or more of the documents presented. For further details or questions, please call 
the NASA STI Help Desk at 301-621-0390 or send e-mail to help@sti.nasa.gov. 



SCAN Goes Electronic! 

If you have electronic mail or if you can access the Internet, you can view biweekly issues of SCAN 
from your desktop absolutely free! 

Electronic SCAN takes advantage of computer technology to inform you of the latest worldwide, 
aerospace-related, scientific and technical information that has been published. 

No more waiting while the paper copy is printed and mailed to you. You can view Electronic SCAN 
the same day it is released — up to 191 topics to browse at your leisure. When you locate a publication 
of interest, you can print the announcement. You can also go back to the Electronic SCAN home page 
and follow the ordering instructions to quickly receive the full document. 

Start your access to Electronic SCAN today. Over 1,000 announcements of new reports, books,
conference proceedings, journal articles... and more — available to your computer every two weeks.

For Internet access to E-SCAN, use any of the 
following addresses: 

http://www.sti.nasa.gov

ftp.sti.nasa.gov 
gopher.sti.nasa.gov 

To receive a free subscription, send e-mail for complete information about the service first. Enter 
scan@sti.nasa.gov on the address line. Leave the subject and message areas blank and send. You 
will receive a reply in minutes. 

Then simply determine the SCAN topics you wish to receive and send a second e-mail to 
Listserv@sti.nasa.gov. Leave the subject line blank and enter a subscribe command, denoting which 
topic you want and your name in the message area, formatted as follows: 

Subscribe SCAN-02-01 Jane Doe 

For additional information, e-mail a message to help@sti.nasa.gov. 

Phone: (301) 621-0390 

Fax: (301) 621-0134 

Write: NASA STI Help Desk 

NASA Center for AeroSpace Information 
7121 Standard Drive 
Hanover, MD 21076-1320 

Looking just for Aerospace Medicine and Biology reports? 

Although hard copy distribution has been discontinued, you can 
still receive these vital announcements through your E-SCAN 
subscription. Just Subscribe SCAN-AEROMED Jane Doe 
in the message area of your e-mail to listserv@sti.nasa.gov. 
Table of Contents




Document citations are grouped first by the following divisions. Select a division title to view the 
category-level Table of Contents. 



G. Mathematical and Computer Sciences


Indexes


Two indexes are available. You may use the find command under the tools menu while viewing the 
PDF file for direct match searching on any text string. You may also select either of the two indexes 
provided for searching on NASA Thesaurus subject terms and personal author names. 



Document Availability 


Select Availability Info for important information about NASA Scientific and Technical 
Information (STI) Program Office products and services, including registration with the NASA 
Center for AeroSpace Information (CASI) for access to the NASA CASI TRS (Technical Report 
Server), and availability and pricing information for cited documents. 




Subject Categories of the Division A. Aeronautics


Select a category to view the collection of records cited. N.A. means no abstracts in that category. 



Includes general research topics related to manned and unmanned aircraft and the problems 
of flight within the Earth’s atmosphere. Also includes manufacturing, maintenance, and 
repair of aircraft. For specific topics in aeronautics see categories 02 through 09. For 
information related to space vehicles see 12 Astronautics. 



Includes aerodynamics of flight vehicles, test bodies, airframe components and 
combinations, wings, and control surfaces. Also includes aerodynamics of rotors, stators, 
fans and other elements of turbomachinery. For related information, see also 34 Fluid 
Mechanics and Heat Transfer. 



Includes passenger and cargo air transport operations; aircraft ground operations; flight 
safety and hazards; and aircraft accidents. Systems and hardware specific to ground 
operations of aircraft and to airport construction are covered in 09 Research and Support 
Facilities (Air). Air traffic control is covered in 04 Aircraft Communications and Navigation. 
For related information see also 16 Space Transportation and Safety, and 85 Technology 
Utilization and Surface Transportation. 


04 Aircraft Communications and Navigation N.A. 

Includes all modes of communication with and between aircraft; air navigation systems 
(satellite and ground based); and air traffic control. For related information see also 06 
Avionics and Aircraft Instrumentation; 17 Space Communications, Spacecraft
Communications, Command and Tracking; and 32 Communications and Radar.



Includes all stages of design of aircraft and aircraft structures and systems. Also includes 
aircraft testing, performance, and evaluation, and aircraft and flight simulation technology. 
For related information, see also 18 Spacecraft Design, Testing and Performance and 39 
Structural Mechanics. For land transportation vehicles, see 85 Technology Utilization and 
Surface Transportation. 


Includes all avionics systems, cockpit and cabin display devices; and flight instruments 
intended for use in aircraft. For related information, see also 04 Aircraft Communications 
and Navigation; 08 Aircraft Stability and Control; 19 Spacecraft Instrumentation and 
Astrionics; and 35 Instrumentation and Photography.





Includes prime propulsion systems and systems components, e.g., gas turbine engines and 
compressors; and onboard auxiliary power plants for aircraft. For related information see 
also 20 Spacecraft Propulsion and Power, 28 Propellants and Fuels, and 44 Energy 
Production and Conversion. 


Includes flight dynamics, aircraft handling qualities; piloting; flight controls; and autopilots. 
For related information, see also 05 Aircraft Design, Testing and Performance and 06 
Avionics and Aircraft Instrumentation. 



Facilities 



Includes airports, runways, hangars, and aircraft repair and overhaul facilities; wind tunnels, 
water tunnels, and shock tubes; flight simulators; and aircraft engine test stands. Also 
includes airport ground equipment and systems. For airport ground operations see 03 Air 
Transportation and Safety. For astronautical facilities see 14 Ground Support Systems and 
Facilities (Space). 


Subject Categories of the Division B. Astronautics 


Select a category to view the collection of records cited. N.A. means no abstracts in that category. 


12 Astronautics (General)

Includes general research topics related to space flight and manned and unmanned space 
vehicles, platforms or objects launched into, or assembled in, outer space; and related 
components and equipment. Also includes manufacturing and maintenance of such vehicles 
or platforms. For specific topics in astronautics see categories 13 through 20. For 
extraterrestrial exploration, see 91 Lunar and Planetary Science and Exploration. 


Includes powered and free-flight trajectories; and orbital and launching dynamics. 

14 Ground Support Systems and Facilities (Space)

Includes launch complexes, research and production facilities; ground support equipment, 
e.g., mobile transporters; and test chambers and simulators. Also includes extraterrestrial 
bases and supporting equipment. For related information see also 09 Research and Support 
Facilities (Air). 


Includes all classes of launch vehicles, launch/space vehicle systems, and boosters; and 
launch operations. For related information see also 18 Spacecraft Design, Testing, and 
Performance; and 20 Spacecraft Propulsion and Power. 





Includes passenger and cargo space transportation, e.g., shuttle operations; and space rescue 
techniques. For related information, see also 03 Air Transportation and Safety and 15 Launch 
Vehicles and Launch Operations, and 18 Spacecraft Design, Testing and Performance. For
space suits, see 54 Man/System Technology and Life Support. 
Includes space systems telemetry; space communications networks; astronavigation and
guidance; and spacecraft radio blackout. For related information, see also 04 Aircraft 
Communications and Navigation and 32 Communications and Radar. 



Includes satellites; space platforms; space stations; spacecraft systems and components such 
as thermal and environmental controls; and spacecraft control and stability characteristics. 
For life support systems, see 54 Man/System Technology and Life Support. For related 
information, see also 05 Aircraft Design, Testing and Performance, 39 Structural 
Mechanics, and 16 Space Transportation and Safety. 


19 Spacecraft Instrumentation and Astrionics N.A.

Includes the design, manufacture, or use of devices for the purpose of measuring, detecting, 
controlling, computing, recording, or processing data related to the operation of space 
vehicles or platforms. For related information, see also 06 Aircraft Instrumentation and
Avionics. For spaceborne instruments not integral to the vehicle itself see 35 Instrumentation
and Photography. For spaceborne telescopes and other astronomical instruments see 89
Astronomy.


20 Spacecraft Propulsion and Power

Includes main propulsion systems and components, e.g., rocket engines; and spacecraft 
auxiliary power sources. For related information, see also 07 Aircraft Propulsion and Power; 
28 Propellants and Fuels; 15 Launch Vehicles and Launch Operations; and 44 Energy 
Production and Conversion. 


Subject Categories of the Division C. Chemistry and Materials

Select a category to view the collection of records cited. N.A. means no abstracts in that category. 



Includes general research topics related to the composition, properties, structure, and use of 
chemical compounds and materials as they relate to aircraft, launch vehicles, and spacecraft. 
For specific topics in chemistry and materials see categories 24 through 29. For 
astrochemistry see category 90 Astrophysics. 



Includes physical, chemical, and mechanical properties of laminates and other composite 
materials. 


25 Inorganic, Organic and Physical Chemistry

Includes the analysis, synthesis, and use of inorganic and organic compounds; combustion
theory; electrochemistry; and photochemistry. For related information see also 34 Fluid 
Dynamics and Thermodynamics. For astrochemistry see category 90 Astrophysics.


Includes physical, chemical, and mechanical properties of metals and metallic materials; and 
metallurgy. 

Nonmetallic Materials N.A.

Includes physical, chemical, and mechanical properties of plastics, elastomers, lubricants, 
polymers, textiles, adhesives, and ceramic materials. For composite materials see 24 
Composite Materials. 


28 Propellants and Fuels 

Includes rocket propellants, igniters and oxidizers; their storage and handling procedures; 
and aircraft fuels. For nuclear fuels see 73 Nuclear Physics. For related information see also 
07 Aircraft Propulsion and Power, 20 Spacecraft Propulsion and Power, and 44 Energy 
Production and Conversion. 



Includes space-based development of materials, compounds, and processes for research or 
commercial application. Also includes the development of materials and compounds in 
simulated reduced-gravity environments. For legal aspects of space commercialization see 
84 Law, Political Science and Space Policy. 


Subject Categories of the Division D. Engineering 


Select a category to view the collection of records cited. N.A. means no abstracts in that category. 


Includes general research topics related to engineering and applied physics, and particular areas of
vacuum technology, industrial engineering, cryogenics, and fire prevention. For specific 
topics in engineering see categories 32 through 39. 





Includes radar; radio, wire, and optical communications; land and global communications; 
communications theory. For related information see also 04 Aircraft Communications and 
Navigation; and 17 Space Communications, Spacecraft Communications, Command and
Tracking; for search and rescue see 03 Air Transportation and Safety, and 16 Space 
Transportation and Safety. 



Includes development, performance, and maintainability of electrical/electronic devices and 
components; related test equipment, and microelectronics and integrated circuitry. For 
related information see also 60 Computer Operations and Hardware; and 76 Solid-State 
Physics. For communications equipment and devices see 32 Communications and Radar. 


Thermodynamics


Includes fluid dynamics and kinematics and all forms of heat transfer; boundary layer flow; 
hydrodynamics; hydraulics; fluidics; mass transfer and ablation cooling. For related 
information see also 02 Aerodynamics. 


Instrumentation and Photography N.A. 

Includes remote sensors; measuring instruments and gauges; detectors; cameras and 
photographic supplies; and holography. For aerial photography see 43 Earth Resources and 
Remote Sensing. For related information see also 06 Avionics and Aircraft Instrumentation; 
and 19 Spacecraft Instrumentation. 


Includes lasing theory, laser pumping techniques, maser amplifiers, laser materials, and the 
assessment of laser and maser outputs. For cases where the application of the laser or maser 
is emphasized see also the specific category where the application is treated. For related 
information see also 76 Solid-State Physics. 


Includes mechanical devices and equipment; machine elements and processes. For cases 
where the application of a device or the host vehicle is emphasized see also the specific 
category where the application or vehicle is treated. For robotics see 63 Cybernetics, 
Artificial Intelligence, and Robotics; and 54 Man/System Technology and Life Support.




Includes approaches to, and methods for reliability analysis and control, inspection, 
maintainability, and standardization. 



Includes structural element design, analysis and testing; dynamic responses of structures; 
weight analysis; fatigue and other structural properties; and mechanical and thermal stresses 
in structure. For applications see 05 Aircraft Design, Testing and Performance and 18 
Spacecraft Design, Testing and Performance. 


Subject Categories of the Division E. Geosciences

Select a category to view the collection of records cited. N.A. means no abstracts in that category. 



Includes general research topics related to the Earth sciences, and the specific areas of 
petrology, mineralogy, and general geology. For other specific topics in geosciences see 
categories 42 through 48. 



Includes remote sensing of earth features, phenomena and resources by aircraft, balloon, 
rocket, and spacecraft; analysis of remote sensing data and imagery; development of remote
sensing products; photogrammetry; and aerial photographs. For instrumentation see 35 
Instrumentation and Photography. 


44 Energy Production and Conversion

Includes specific energy conversion systems, e.g., fuel cells; and solar, geothermal, 
windpower, and waterwave conversion systems; energy storage; and traditional power 
generators. For technologies related to nuclear energy production see 73 Nuclear Physics. 
For related information see also 07 Aircraft Propulsion and Power; 20 Spacecraft 
Propulsion and Power, and 28 Propellants and Fuels. 


Includes atmospheric, water, soil, noise, and thermal pollution. 


Includes earth structure and dynamics, aeronomy; upper and lower atmosphere studies; 
ionospheric and magnetospheric physics; and geomagnetism. For related information see 47 
Meteorology and Climatology; and 93 Space Radiation. 



Includes weather observation forecasting and modification. 



Includes the physical, chemical and biological aspects of oceans and seas; ocean dynamics, 
and marine resources. For related information see also 43 Earth Resources and Remote 
Sensing. 





Subject Categories of the Division F. Life Sciences 


Select a category to view the collection of records cited. N.A. means no abstracts in that category. 



Includes general research topics related to plant and animal biology (non-human); ecology; 
microbiology; and also the origin, development, structure, and maintenance, of animals and 
plants in space and related environmental conditions. For specific topics in life sciences see 
categories 52 through 55. 



Includes the biological and physiological effects of atmospheric and space flight 
(weightlessness, space radiation, acceleration, and altitude stress) on the human being; and 
the prevention of adverse effects on those environments. For psychological and behavioral 
effects of aerospace environments see 53 Behavioral Science. For the effects of space on 
animals and plants see 51 Life Sciences. 


Includes psychological factors; individual and group behavior; crew training and evaluation; 
and psychiatric research. 


54 Man/System Technology and Life Support

Includes human factors engineering; bionics, man-machine, life support, space suits and 
protective clothing. For related information see also 16 Space Transportation and 52 
Aerospace Medicine.


Includes astrobiology; planetary biology; and extraterrestrial life. For the biological effects 
of aerospace environments on humans see 52 Aerospace Medicine; on animals and plants see
51 Life Sciences. For psychological and behavioral effects of aerospace environments see 
53 Behavioral Science. 


Subject Categories of the Division G. Mathematical
and Computer Sciences 

Select a category to view the collection of records cited. N.A. means no abstracts in that category. 



Includes general topics and overviews related to mathematics and computer science. For 
specific topics in these areas see categories 60 through 67. 





Includes hardware for computer graphics, firmware and data processing. For components 
see 33 Electronics and Electrical Engineering. For computer vision see 63 Cybernetics, 
Artificial Intelligence and Robotics. 


Includes software engineering, computer programs, routines, algorithms, and specific 
applications, e.g., CAD/CAM. For computer software applied to specific applications, see 
also the associated category. 



Includes computer networks and distributed processing systems. For information systems 
see 82 Documentation and Information Science. For computer systems applied to specific 
applications, see the associated category. 



Artificial Intelligence 


Includes feedback and control theory, information theory, machine learning, and expert 
systems. For related information see also 54 Man/System Technology and Life Support. 


Numerical Analysis 

Includes iteration, differential and difference equations, and numerical approximation. 


65 Statistics and Probability

Includes data sampling and smoothing; Monte Carlo method; time series and analysis; and 
stochastic processes. 

66 Systems Analysis and Operations Research

Includes mathematical modeling of systems; network analysis; mathematical programming; 
decision theory; and game theory. 


Includes algebra, functional analysis, geometry, topology, set theory, group theory, and
number theory.

Subject Categories of the Division H. Physics

Select a category to view the collection of records cited. N.A. means no abstracts in that category. 



Includes general research topics related to mechanics, kinetics, magnetism, and 
electrodynamics. For specific areas of physics see categories 71 through 77. For related 
instrumentation see 35 Instrumentation and Photography; for geophysics, astrophysics or 
solar physics see 46 Geophysics, 90 Astrophysics, or 92 Solar Physics. 




Includes sound generation, transmission, and attenuation. For noise pollution see 45 
Environment Pollution. For aircraft noise see also 02 Aerodynamics and 07 Aircraft 
Propulsion and Power.


Includes atomic and molecular structure, electron properties, and atomic and molecular 
spectra. For elementary particle physics see 73 Nuclear Physics. 



Includes nuclear particles; and reactor theory. For space radiation see 93 Space Radiation. 
For atomic and molecular physics see 72 Atomic and Molecular Physics. For elementary 
particle physics see 77 Physics of Elementary Particles and Fields. For nuclear astrophysics 
see 90 Astrophysics. 



Includes light phenomena and the theory of optical devices. For lasers see 36 Lasers and 
Masers. 


75 Plasma Physics N.A.

Includes magnetohydrodynamics and plasma fusion. For ionospheric plasmas see 46 
Geophysics. For space plasmas see 90 Astrophysics. 

76 Solid-State Physics N.A.

Includes condensed matter physics, crystallography, and superconductivity. For related 
information see also 33 Electronics and Electrical Engineering and 36 Lasers and Masers. 


77 Physics of Elementary Particles and Fields N.A. 

Includes quantum mechanics; theoretical physics; and statistical mechanics. For related 
information see also 72 Atomic and Molecular Physics, 73 Nuclear Physics, and 25 
Inorganic, Organic and Physical Chemistry.


Subject Categories of the Division I. Social and 
Information Sciences 

Select a category to view the collection of records cited. N.A. means no abstracts in that category. 


Includes general research topics related to sociology; educational programs and curricula. 



Includes management planning and research. 




Includes information management; information storage and retrieval technology; technical 
writing; graphic arts; and micrography. For computer documentation see 61 Computer 
Programming and Software. 



Includes cost effectiveness studies. 






Includes: aviation law; space law and policy; international law; international cooperation; 
and patent policy. 



Includes aerospace technology transfer; urban technology; surface and mass transportation. 
For related information see 03 Air Transportation and Safety, 16 Space Transportation and
Safety, and 44 Energy Production and Conversion. For specific technology transfer 
applications see also the category where the subject is treated. 


Subject Categories of the Division J. Space Sciences 

Select a category to view the collection of records cited. N.A. means no abstracts in that category. 


88 Space Sciences (General) N.A.

Includes general research topics related to the natural space sciences. For specific topics in 
Space Sciences see categories 89 through 93. 


Includes observations of celestial bodies, astronomical instruments and techniques; radio, 
gamma-ray, x-ray, ultraviolet, and infrared astronomy; and astrometry. 



Includes cosmology; celestial mechanics; space plasmas; and interstellar and interplanetary 
gases and dust. 


91 Lunar and Planetary Science and Exploration N.A.

Includes planetology; selenology; meteorites; comets; and manned and unmanned planetary 
and lunar flights. For spacecraft design or space stations see 18 Spacecraft Design, Testing 
and Performance. 



Includes solar activity, solar flares, solar radiation and sunspots. For related information see
93 Space Radiation. 





Includes cosmic radiation; and inner and outer Earth radiation belts. For biological effects 
of radiation on plants and animals see 52 Aerospace Medicine. For theory see 73 Nuclear 
Physics. 


Subject Categories of the Division K. General

Select a category to view the collection of records cited. N.A. means no abstracts in that category. 


Includes aeronautical, astronautical, and space science related histories, biographies, and 
pertinent reports too broad for categorization; histories or broad overviews of NASA 
programs such as Apollo, Gemini, and Mercury spacecraft, Earth Resources Technology 
Satellite (ERTS), and Skylab; NASA appropriations hearings.

The mission of the NASA Scientific and Technical (STI) Program Office is to quickly, efficiently,
and cost-effectively provide the NASA community with desktop access to STI produced by NASA 
and the world’s aerospace industry and academia. In addition, we will provide the aerospace 
industry, academia, and the taxpayer access to the intellectual scientific and technical output and 
achievements of NASA. 

Eligibility and Registration for NASA STI Products and Services 

The NASA STI Program offers a wide variety of products and services to achieve its mission. Your 
affiliation with NASA determines the level and type of services provided by the NASA STI 
Program. To assure that the appropriate level of services is provided, NASA STI users are requested to
register at the NASA Center for AeroSpace Information (CASI). Please contact NASA CASI in one 
of the following ways: 

E-mail: help@sti.nasa.gov 

Fax: 301-621-0134 

Phone: 301-621-0390 

Mail: ATTN: Registration Services 

NASA Center for AeroSpace Information 
7121 Standard Drive 
Hanover, MD 21076-1320 

Limited Reproducibility 

In the database citations, a note of limited reproducibility appears if there are factors affecting the 
reproducibility of more than 20 percent of the document. These factors include faint or broken type, 
color photographs, black and white photographs, foldouts, dot matrix print, or some other factor that 
limits the reproducibility of the document. This notation also appears on the microfiche header. 

NASA Patents and Patent Applications 

Patents owned by NASA are announced in the STI Database. Printed copies of patents (which are not 
microfiched) are available for purchase from the U.S. Patent and Trademark Office. 

When ordering patents, the U.S. Patent Number should be used, and payment must be remitted in 
advance, by money order or check payable to the Commissioner of Patents and Trademarks. Prepaid 
purchase coupons for ordering are also available from the U.S. Patent and Trademark Office. 

Patents and patent applications owned by NASA are available for licensing. Requests for licensing 
terms and further information should be addressed to: 

National Aeronautics and Space Administration
Associate General Counsel for Intellectual Property 
Code GP 

Washington, DC 20546-0001 

Sources for Documents 

One or more sources from which a document announced in the STI Database is available to the 
public is ordinarily given on the last line of the citation. The most commonly indicated sources and 
their acronyms or abbreviations are listed below, with an Addresses of Organizations list near the
back of this section. If the publication is available from a source other than those listed, the publisher 
and his address will be displayed on the availability line or in combination with the corporate source. 

Avail: NASA CASI. Sold by the NASA Center for AeroSpace Information. Prices for hard copy
(HC) and microfiche (MF) are indicated by a price code following the letters HC or MF in
the citation. Current values are given in the NASA CASI Price Code Table near the end of
this section.

Note on Ordering Documents: When ordering publications from NASA CASI, use the document ID number
or other report number. It is also advisable to cite the title and other bibliographic identification.

Avail: SOD (or GPO). Sold by the Superintendent of Documents, U.S. Government Printing
Office, in hard copy.

Avail: BLL (formerly NLL): British Library Lending Division, Boston Spa, Wetherby, Yorkshire,
England. Photocopies available from this organization at the price shown. (If none is given,
inquiry should be addressed to the BLL.)

Avail: DOE Depository Libraries. Organizations in U.S. cities and abroad that maintain
collections of Department of Energy reports, usually in microfiche form, are listed in
Energy Research Abstracts. Services available from the DOE and its depositories are
described in a booklet, DOE Technical Information Center — Its Functions and Services
(TID-4660), which may be obtained without charge from the DOE Technical Information
Center.

Avail: ESDU. Pricing information on specific data, computer programs, and details on ESDU
International topic categories can be obtained from ESDU International.

Avail: Fachinformationszentrum Karlsruhe. Gesellschaft fur wissenschaftlich-technische
Information mbH 76344 Eggenstein-Leopoldshafen, Germany.

Avail: HMSO. Publications of Her Majesty’s Stationery Office are sold in the U.S. by Pendragon
House, Inc. (PHI), Redwood City, CA. The U.S. price (including a service and mailing
charge) is given, or a conversion table may be obtained from PHI.

Avail: Issuing Activity, or Corporate Author, or no indication of availability. Inquiries as to the
availability of these documents should be addressed to the organization shown in the
citation as the corporate author of the document.
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Avail: NASA Public Document Rooms. Documents so indicated may be examined at or purchased 

from the National Aeronautics and Space Administration (JBD-4), Public Documents 
Room (Room 1H23), Washington, DC 20546-0001, or public document rooms located at 
NASA installations, and the NASA Pasadena Office at the Jet Propulsion Laboratory. 

Avail: NTIS. Sold by the National Technical Information Service. Initially distributed microfiche 

under the NTIS SRIM (Selected Research in Microfiche) are available. For information 
concerning this service, consult the NTIS Subscription Section, Springfield, VA 22161. 

Avail: Univ. Microfilms. Documents so indicated are dissertations selected from Dissertation 

Abstracts and are sold by University Microfilms as xerographic copy (HC) and microfilm. 
All requests should cite the author and the Order Number as they appear in the citation. 

Avail: US Patent and Trademark Office. Sold by Commissioner of Patents and Trademarks, U.S. 

Patent and Trademark Office, at the standard price of $1.50 each, postage free. 

Avail: (US Sales Only). These foreign documents are available to users within the United States 

from the National Technical Information Service (NTIS). They are available to users 
outside the United States through the International Nuclear Information Service (INIS) 
representative in their country, or by applying directly to the issuing organization. 

Avail: USGS. Originals of many reports from the U.S. Geological Survey, which may contain 

color illustrations, or otherwise may not have the quality of illustrations preserved in the 
microfiche or facsimile reproduction, may be examined by the public at the libraries of the 
USGS field offices whose addresses are listed on the Addresses of Organizations page. The 
libraries may be queried concerning the availability of specific documents and the possible 
utilization of local copying services, such as color reproduction. 
7121 Standard Drive 
Hanover, MD 21076-1320. 

Reprints of journal articles, book chapters, and conference papers are also welcome. 

Typical Report Citation and Abstract 


19970001126 NASA Langley Research Center, Hampton, VA USA 

Water Tunnel Flow Visualization Study Through Poststall of 12 Novel Planform Shapes 

Gatlin, Gregory M., NASA Langley Research Center, USA; Neuhart, Dan H., Lockheed Engineering and Sciences Co., USA; 

Mar. 1996; 130p; In English 

Contract(s)/Grant(s): RTOP 505-68-70-04 

Report No(s): NASA-TM-4663; NAS 1.15:4663; L-17418; No Copyright; Avail: CASI; A07, Hardcopy; A02, Microfiche 

To determine the flow field characteristics of 12 planform geometries, a flow visualization investigation was conducted 
in the Langley 16- by 24-Inch Water Tunnel. Concepts studied included flat plate representations of diamond wings, twin 
bodies, double wings, cutout wing configurations, and serrated forebodies. The off-surface flow patterns were identified by 
injecting colored dyes from the model surface into the free-stream flow. These dyes generally were injected so that the 
localized vortical flow patterns were visualized. Photographs were obtained for angles of attack ranging from 10° to 50°, and all 
investigations were conducted at a test section speed of 0.25 ft per sec. Results from the investigation indicate that the 
formation of strong vortices on highly swept forebodies can improve poststall lift characteristics; however, the asymmetric bursting 
of these vortices could produce substantial control problems. A wing cutout was found to significantly alter the position of 
the forebody vortex on the wing by shifting the vortex inboard. Serrated forebodies were found to effectively generate 
multiple vortices over the configuration. Vortices from 65° swept forebody serrations tended to roll together, while vortices from 
40° swept serrations were more effective in generating additional lift caused by their more independent nature. 

Author 

Water Tunnel Tests; Flow Visualization; Flow Distribution; Free Flow; Planforms; Wing Profiles; Aerodynamic 
Configurations 

FAULT TREE ANALYSIS 

A Special Bibliography from the NASA Scientific and Technical Information (STI) Program 


JULY 2000 


01 

AERONAUTICS (GENERAL) 


Includes general research topics related to manned and unmanned aircraft and the problems of flight within the Earth’s atmosphere. 
Also includes manufacturing, maintenance, and repair of aircraft. For specific topics in aeronautics see categories 02 through 09. For 
information related to space vehicles see 12 Astronautics. 


19850008446 McDonnell Aircraft Co., Saint Louis, MO, USA 

Avionics fault tree analysis and artificial intelligence for future aircraft maintenance 

Harris, M. E., McDonnell Aircraft Co., USA; Snodgrass, T. D., McDonnell Aircraft Co., USA; AGARD Design for Tactical 
Avionics Maintainability; Oct 1, 1984, pp. 12 p; In English; See also N85-16731 08-01; Avail: CASI; A03, Hardcopy; A03, 
Microfiche 

The avionics fault tree analyzer (AFTA) was developed as an interim support tool for the Navy prior to attainment of total 
organic support capability, and as an alternate method of support to reduce life cycle/cost for F/A-18 foreign military sales. With 
the transformation of the AFTA concept from ground support equipment to avionics, a quantitative improvement in life cycle costs 
will be obtained through the application of artificial intelligence (AI) techniques. The AI is expected to see applications to 
practical problems in many disciplines; and one of which is the implementation of military fault diagnostic systems. A smart BIT 
was developed which will reduce false alarms, identify intermittent failures, and improve fault isolation to the lowest possible 
element by AI technique. Increasing density of computer memory, modularly designed avionic functions and the use of very large 
scale, and high speed integrated devices will allow future aircraft to fly with the AFTA function. Ramifications such as eliminating 
the need for intermediate avionic repair facilities, increased aircraft operational readiness, decrease in aircraft recurring costs, and 
a reduction in spares investment are discussed. The AFTA concept, life cycle cost advantages, and the implementation of artificial 
intelligence in future avionic designs relative to improved reliability and maintainability are summarized. 

E.A.K. 

Aircraft Maintenance; Artificial Intelligence; Avionics; Fault Trees 


19910032617 


Aging Army aircraft 

Neri, Lewis, U.S. Army, Aviation Systems Command, Corpus, USA; Jan 1, 1990; 10p; In English; 46th; AHS, Annual Forum, 
May 21-23, 1990, Washington, DC, USA; See also A91-17201; Copyright; Avail: Issuing Activity 

Reliability-centered maintenance is a broadbased management and system engineering program that emphasizes a preventive 
approach to maintenance. Corrosion detection and prevention are principal concerns in this program which utilizes an analytical 
approach based on fault tree analysis to facilitate development of improved airframe condition evaluation/aircraft analytical 
corrosion evaluation and preshop analysis. The U.S. Army Depot Engineering and Reliability Centered Maintenance Support 
Office is also investigating ion implantation and plasma chemical vapor deposition techniques to determine their feasibility for 
prevention of corrosion. 

AIAA 

Aging (Materials); Corrosion Prevention; Military Aircraft; Military Technology; Structural Failure 






03 

AIR TRANSPORTATION AND SAFETY 


Includes passenger and cargo air transport operations; aircraft ground operations; flight safety and hazards; and aircraft accidents. 
Systems and hardware specific to ground operations of aircraft and to airport construction are covered in 09 Research and Support 
Facilities (Air). Air traffic control is covered in 04 Aircraft Communications and Navigation. For related information see also 16 Space 
Transportation and Safety; and 85 Technology Utilization and Surface Transportation. 


19950004035 Rolls-Royce Ltd., Industrial and Marine Gas Turbines., Coventry, West Midlands, UK 

The application of aerospace safety and reliability analysis techniques to high speed marine transport 

Moore, T. C., Rolls-Royce Ltd., UK; Wilkinson, B., Rolls-Royce Ltd., UK; May 7, 1992; 14p; In English; Safety for High Speed 

Passenger Craft: The Way Ahead, 7-8 May 1992, London, UK 

Report No.(s): PNR-91071; Copyright; Avail: Issuing Activity (European Space Agency (ESA)), Unavail. Microfiche; Limited 
Reproducibility: More than 20% of this document may be affected by microfiche quality 

The application of aerospace safety and reliability techniques to high speed marine craft is discussed, taking into account 
the following: why failures occur; how safety is demonstrated; what is gained from safety and reliability analyses; the techniques 
used; and the cost of such analyses. It is concluded that the application of aerospace safety and reliability techniques in their 
entirety to high speed marine craft would impose an unnecessary burden both in terms of the time scales, complexity of the task, 
and the associated costs involved. The judicious use of Fault Tree Analysis (FTA), coupled with a Failure Mode Effect 
Significance Analysis (FMESA) study at a functional rather than at a component level, can provide a cost effective means of 
demonstrating objectively the safety and reliability levels of a high speed marine craft. This is of vital importance to an industry 
where the individual craft design production levels are unlikely to be high when compared with the aircraft industry. The use of 
PC (Personal Computer) based FMEA and FTA software could further reduce the cost, particularly the ’first time’ cost. 

ESA 

Air Transportation; Failure Analysis; Fault Trees; Marine Transportation 


19980160660 

Implementation of an integrated safety-program - The MD-90 antiskid system 

Redgate, Marianne L., Douglas Aircraft Co., USA; McKelvey, Michael H., Douglas Aircraft Co., USA; Jolly, Carolyn L., Douglas 
Aircraft Co., USA; 1994, pp. 52-58; In English; Copyright; Avail: Aeroplus Dispatch 

At Douglas Aircraft Company (DAC), an integrated safety program is comprised of four major analyses, each of which is 
intended to provide design requirements and results that satisfy DAC, FAA, and Joint Aviation Administration requirements to 
maximize safety for the airplane, the flying public, and the public-at-large. These four analyses are: functional hazard analysis, 
system failure mode and effects analysis, fault tree analysis, and zonal analysis. Every new or major-modified system designed 
for DAC’s latest airplane, the MD-90, incorporates an integrated safety program. One such system, the antiskid system, has 
repeatedly used the integrated safety program as a primary design tool and is a particularly satisfying example of what DAC calls 
’Design for Safety’. 

Author (AIAA) 

Aircraft Safety; Systems Integration; Failure Modes; Fault Trees; Aircraft Design 


19980207345 

Safety assessment of aircraft mounted systems 

Trotta, Luigi, Alenia Aerospazio, Italy; Buffardi, Riccardo, Alenia Aerospazio, Italy; Querzoli, Rodolfo, Alenia Aerospazio, 
Italy; Sep. 1998; In English 

Report No.(s): ICAS Paper 98-6,7,3; Copyright; Avail: Aeroplus Dispatch 

This contribution highlights methodology to assess the safety aspects of military aircraft systems, a part of a fly-by-wire A/C. 
The correlations between FMECA and Safety Assessment will be shown to identify all possible hazards caused by single failures. 
A tool using fault tree analysis approach, to assess from a quantitative and qualitative point of view the discovered hazards, 
identifies the minimal cut sets and critical items in the system configuration. Zonal hazard analysis is used to show how to identify 
the hazards due to the physical location of the system components and the possible effects due to component failures, 
disadvantageous operating conditions, maintenance errors, and environment induced faults. Software safety assessment is 
performed to analyze and assess the safety of the software configuration items of a system and ensure that a risk classification 
is allocated appropriate to the severity of hazard which could be caused by a software error. These results lead to a definition of 
the critical areas and the possible corrective actions, providing a compliance statement for system qualification and airworthiness 
requirements. 

Author (AIAA) 

Military Aircraft; Aircraft Safety; Fly by Wire Control; Fault Trees; Software Development Tools 


19980210315 Brookhaven National Lab., Upton, NY USA 

On the safety of aircraft systems: A case study 

Martinez-Guridi, G., Brookhaven National Lab., USA; Hall, R. E., Brookhaven National Lab., USA; Fullwood, R. R., 
Brookhaven National Lab., USA; May 14, 1997; 45p; In English 
Contract(s)/Grant(s): DE-AC02-76CH-00016; 95-G-039 

Report No.(s): BNL-64946; DE98-002766; No Copyright; Avail: Issuing Activity (Natl Technical Information Service (NTIS)), 
Hardcopy, Microfiche 

An airplane is a highly engineered system incorporating control- and feedback-loops which often, and realistically, are 
non-linear because the equations describing such feedback contain products of state variables, trigonometric or square-root 
functions, or other types of non-linear terms. The feedback provided by the pilot (crew) of the airplane also is typically non-linear 
because it has the same mathematical characteristics. An airplane is designed with systems to prevent and mitigate undesired 
events. If an undesired triggering event occurs, an accident may progress in different ways depending on the effectiveness of such 
systems. In addition, the progression of some accidents requires that the operating crew take corrective action(s), which may 
modify the configuration of some systems. The safety assessment of an aircraft system typically is carried out using ARP 
(Aerospace Recommended Practice) 4761 (SAE, 1995) methods, such as Fault Tree Analysis (FTA) and Failure Mode and Effects 
Analysis (FMEA). Such methods may be called static because they model an aircraft system on its nominal configuration during 
a mission time, but they do not incorporate the action(s) taken by the operating crew, nor the dynamic behavior (non-linearities) 
of the system (airplane) as a function of time. Probabilistic Safety Assessment (PSA), also known as Probabilistic Risk 
Assessment (PRA), has been applied to highly engineered systems, such as aircraft and nuclear power plants. PSA encompasses 
a wide variety of methods, including event tree analysis (ETA), FTA, and common-cause analysis, among others. PSA should not 
be confused with ARP 4761’s proposed PSSA (Preliminary System Safety Assessment); as its name implies, PSSA is a 
preliminary assessment at the system level consisting of FTA and FMEA. 

DOE 

Failure Analysis; Safety Factors; Feedback Control; Aeronautics 


05 

AIRCRAFT DESIGN, TESTING AND PERFORMANCE 

Includes all stages of design of aircraft and aircraft structures and systems. Also includes aircraft testing, performance, and 
evaluation, and aircraft and flight simulation technology. For related information, see also 18 Spacecraft Design, Testing and 
Performance and 39 Structural Mechanics. For land transportation vehicles, see 85 Technology Utilization and Surface 
Transportation. 


19720011367 University of Southern California, Inst. of Aerospace Safety and Management., Los Angeles, CA, USA 

Analytical techniques for effective maintenance 

Hall, D. S., University of Southern California, USA; Holt, E. L., University of Southern California, USA; Jan 1, 1971; 14p; In 
English; 7th; Ann. Intern. Aviation Maintenance Symp., 7-9 Dec. 1971, Oklahoma City; Avail: CASI; A03, Hardcopy; A01, 
Microfiche 

Systems analysis techniques are applied to aircraft maintenance to achieve aviation safety. The failure mode analysis method 
is discussed along with the fault tree analysis method. It is concluded: (1) The maintenance manager needs to know how to make 
decisions and that these decisions affect the safety and efficiency of his operation. (2) Many of these decisions can be made in 
advance when time or other pressure is not a factor. (3) Greater knowledge of the implications of a decision is available to the 
individual who approaches each problem systematically. (4) Systematic and analytical decision making is within the capability 
of today’s maintenance activity. 

CASI 

Aircraft Maintenance; Aircraft Safety; Failure Analysis; Systems Analysis 

19760057160 

Seeking failure-free systems 

Merkling, R. E., USAF, USA; Air University Review; Aug 1, 1976; 27, pp. July-Aug; In English; 1976, p. 41-50; Avail: Issuing 
Activity 

The need for developing failure-free systems for USAF aircraft is advocated, with figures relating major aircraft accidents 
and costs. Fault tree analysis is described and applied to fire threat and prevention on fighter aircraft. 

AIAA 

Accident Prevention; Aircraft Accidents; Fail-Safe Systems; Fighter Aircraft; Fire Prevention 


19890059099 

Probabilistic analysis of aircraft structure 

Zielinski, Paul A., Boeing Military Airplane Co., USA; Jan 1, 1989; 6p; In English; Annual Reliability and Maintainability 
Symposium, Jan. 24-26, 1989, Atlanta, GA, USA; See also A89-46451 20-38; Copyright; Avail: Issuing Activity 

Probabilistic structural mechanics (PSM) has been promoted for use in the design of products. The author presents the 
practical methods for applying PSM to critical aircraft component fault-tree analysis. The B-1B Common Strategic Rotary 
Launcher (CSRL) fault-tree analysis is used as a demonstrative example of mechanical component failure probabilities calculated 
using PSM. The CSRL components demonstrate how this methodology accounts for aircraft limit loads, limit load exceedances 
per flight hour, material properties, and stress analysis or structural test results. 

AIAA 

Aircraft Structures; Failure Analysis; Fault Trees; Probability Theory; Stress Analysis; Structural Reliability 


19980117945 

The service reliability analysis for the brake unit of a certain model aircraft 

Fu, Changan, Air Force Aero College No. 2, China; Wang, Yuanda, Air Force Aero College No. 2, China; 1995, pp. 79-82; In 
English; Copyright; Avail: Aeroplus Dispatch 

When aircraft of certain models land and the pilots brake, the service tire skidding and tire blowout are frequently occurring 
faults, endangering the landing safety. After having investigated and analyzed such incidents, the departments concerned think 
the fault is mainly caused by the improper brake operation when the aircraft lands. Using the fault tree analysis method, the paper 
first discusses the causes which result in severe tire skidding and blowout when the aircraft is braked, then presents some factors 
which the pilots and the ground crew should pay attention to in the actual use and maintenance work. Finally, improvements in 
the structure of the decelostat are proposed. 

Author (AIAA) 

Service Life; Reliability Analysis; Aircraft Brakes; Aircraft Models; Fault Trees; Skidding 


19980139158 

Heavy transport aircraft reliability study 

Chiesa, S., Torino, Politecnico, Italy; Gianotti, P., Torino, Politecnico, Italy; Maggiore, R., Torino, Politecnico, Italy; 1996, pp. 
682-690; In English; Copyright; Avail: AIAA Dispatch 

The analysis of safety and reliability is of primary importance during the design of a modern, large complex aircraft. On the 
other hand, the intrinsic complexity of large, multiple-redundant systems usually imposes severe limitations on both the depth 
and the extension of this analysis. In this work, a computer program for the reliability analysis of a generic system is presented, 
underlining the advantages of a computer-based approach to the problem. The philosophy which stands behind such an approach 
consists of a tailoring of well-known Failure Modes and Effect Analysis and Fault Tree Analysis techniques. The results of the 
automatic analysis include symbolic evaluation of fault and functional trees, minimal-paths and minimal cut sets determination, 
and sensitivity analysis. 

Author (AIAA) 

Transport Aircraft; Aircraft Reliability; Aircraft Design; Expert Systems; Fault Trees 

06 

AVIONICS AND AIRCRAFT INSTRUMENTATION 


Includes all stages of design of aircraft and aircraft structures and systems. Also includes aircraft testing, performance, and 
evaluation, and aircraft and flight simulation technology. For related information, see also 18 Spacecraft Design, Testing and 
Performance and 39 Structural Mechanics. For land transportation vehicles, see 85 Technology Utilization and Surface 
Transportation. 


19940034825 NASA Ames Research Center, Moffett Field, CA, USA 

A quantitative analysis of the F18 flight control system 

Doyle, Stacy A., Duke Univ., USA; Dugan, Joanne B., Virginia Univ., USA; Patterson-Hine, Ann, NASA Ames Research Center, 
USA; In: AIAA Computing in Aerospace Conference, 9th, San Diego, CA, Oct. 19-21, 1993, Technical Papers. Pt. 1 (A94-11401 
01-62); 1993, pp. 668-675.; In English; See also A94-11401 
Contract(s)/Grant(s): NCA2-617 

Report No.(s): AIAA PAPER 93-4574; Copyright; Avail: Issuing Activity 

This paper presents an informal quantitative analysis of the F18 flight control system (FCS). The analysis technique combines 
a coverage model with a fault tree model. To demonstrate the method’s extensive capabilities, we replace the fault tree with a 
digraph model of the F18 FCS, the only model available to us. The substitution shows that while digraphs have primarily been 
used for qualitative analysis, they can also be used for quantitative analysis. Based on our assumptions and the particular failure 
rates assigned to the F18 FCS components, we show that coverage does have a significant effect on the system’s reliability and 
thus it is important to include coverage in the reliability analysis. 

Control Systems Design; F-18 Aircraft; Failure Modes; Fault Trees; Flight Control; Reliability Analysis 

19980147707 

Dynamic fault tree analysis for the Digital Fly-By-Wire Flight Control System 

Yao, Yiping, Beijing Univ. of Aeronautics and Astronautics, China; Yang, Xiaojun, Beijing Univ. of Aeronautics and 
Astronautics, China; Li, Peiqiong, Beijing Univ. of Aeronautics and Astronautics, China; 1996, pp. 479-484; In English; 
Copyright; Avail: AIAA Dispatch 

The Digital Fly-By-Wire (FBW) FCS is designed to achieve a high level of reliability, and frequently employs a high level of 
redundancy. The dynamic redundancy employed in the FBW system can realize complex fault and error diagnosis, recovery, and 
reconfiguration. It is very difficult to analyze the reliability of the FBW system by traditional methods, such as fault tree analysis 
(FTA) or network analysis. This paper describes dynamic fault-tree modeling techniques for handling these difficulties and 
provides a Markov chain generation modeling method for converting the dynamic fault tree to the Markov chain. The software 
failure of the FBW system can also be considered in the model. An example of a quadruple FBW redundant system and a Markov 
state transition chain software package is given. 

Author (AIAA) 

Fault Trees; Fly by Wire Control; Digital Systems; Dynamic Models 


07 

AIRCRAFT PROPULSION AND POWER 

Includes prime propulsion systems and systems components, e.g., gas turbine engines and compressors; and onboard auxiliary 
power plants for aircraft. For related information see also 20 Spacecraft Propulsion and Power, 28 Propellants and Fuels, and 44 
Energy Production and Conversion. 


19800072732 Science Applications, Inc., Palo Alto, CA, USA 

Fault tree analysis for reliability prediction of gas turbine type power plants. Volume 2: Appendixes Final Report 

Kelly, J. E., Science Applications, Inc., USA; Erdmann, R. C., Science Applications, Inc., USA; Gilbert, K., Science Applications, 
Inc., USA; Jun 1, 1978; 85p; In English; Sponsored by EPRI 
Report No.(s): EPRI-AF-811-VOL-2-APP; Avail: CASI; A05, Hardcopy, Microfiche 
No abstract. 

Electric Power Plants; Fault Trees; Gas Turbines; Performance Prediction; Systems Analysis 

19950004033 Rolls-Royce Ltd., Industrial and Marine Gas Turbines., Coventry, West Midlands, UK 

The reliability of aero-derived marine gas turbines 

Moore, Tim C., Rolls-Royce Ltd., UK; Wilkinson, Brian, Rolls-Royce Ltd., UK; Jan 1, 1992; 17p; In English; High Speed Surface 
Craft Conference, Jan. 1992, London, UK 

Report No.(s): PNR-90982; Copyright; Avail: Issuing Activity (European Space Agency (ESA)), Unavail. Microfiche; Limited 
Reproducibility: More than 20% of this document may be affected by microfiche quality 

An overview of work carried out to assess the safety and reliability of the Marine Spey, a marine propulsion gas turbine unit, 
is reported. The question of the limit of safety inherent in reliability of an aeroengine is considered. Failure probabilities are 
defined both qualitatively and quantitatively, and it is shown how the combination of failure effect category and probability rank 
defines the risk level. Means of assessing the capability of a design to comply to the reliability standards are addressed. These can 
take the form of a Failure Mode Effects Analysis (FMEA), Failure Mode Effect Criticality Analysis (FMECA), or a Failure Mode 
Effect Systems Analysis (FMESA). The latter investigates the significance of a system or subsystem failure on the operation of 
the overall plant. The use of FMESA studies on aero derived marine gas turbines is considered, and the safety and reliability in 
fast ferries is discussed. Modern FEA techniques, which include the Fault Tree Analysis (FTA) used to assess safety, control and 
protection system reliability, are considered. 

ESA 

Engine Design; Engine Failure; Failure Analysis; Gas Turbine Engines; Marine Propulsion; Reliability; System Failures 

09 

RESEARCH AND SUPPORT FACILITIES (AIR) 

Includes airports, runways, hangars, and aircraft repair and overhaul facilities; wind tunnels, water tunnels, and shock tubes; flight 
simulators; and aircraft engine test stands. Also includes airport ground equipment and systems. For airport ground operations see 
03 Air Transportation and Safety. For astronautical facilities see 14 Ground Support Systems and Facilities (Space). 

19840068890 Minority Enterprise Service Associates, Orem, UT, USA 
Large-coil-test facility fault-tree analysis 
May 31, 1982; 168p; In English 
Contract(s)/Grant(s): DE-AC01-81ER-52074 

Report No.(s): DE83-002783; DOE/ER-52074-T1; Avail: CASI; A08, Hardcopy, Microfiche 
No abstract. 

Cryogenics; Fault Trees; Parameter Identification; Safety; Systems 

19690031585 Battelle Northwest Labs., Pacific Northwest Lab., Richland, WA, USA 

Preliminary fault tree analysis for the FFTF 

McLaughlin, M. A., Battelle Northwest Labs., USA; May 1, 1969; 37p; In English 
Contract(s)/Grant(s): AT/45-1/-1830 

Report No.(s): BNWL-874; Avail: CASI; A03, Hardcopy; A01, Microfiche 
Preliminary fault tree analysis for FFTF 
CASI 

Failure Analysis; Nuclear Research and Test Reactors; Reactor Safety; Trees (Mathematics) 

12 

ASTRONAUTICS (GENERAL) 

Includes general research topics related to space flight and manned and unmanned space vehicles, platforms or objects launched 
into, or assembled in, outer space; and related components and equipment. Also includes manufacturing and maintenance of such 
vehicles or platforms. For specific topics in astronautics see categories 13 through 20. For extraterrestrial exploration, see 91 Lunar 
and Planetary Science and Exploration. 

19920073157 NASA Goddard Space Flight Center, Greenbelt, MD, USA 

Making the Hubble Space Telescope servicing mission safe 

Bahr, N. J., NASA Goddard Space Flight Center, USA; Depalo, S. V., Hernandez Engineering, Inc., USA; Aug 1, 1992; 12p; In 
English 

Contract(s)/Grant(s): NAS5-30917 
Report No.(s): IAF PAPER 92-0380; Copyright; Avail: Issuing Activity 

The implementation of the HST system safety program is detailed. Numerous safety analyses are conducted through various 
phases of design, test, and fabrication, and results are presented to NASA management for discussion during dedicated safety 
reviews. Attention is given to the system safety assessment and risk analysis methodologies used, i.e., hazard analysis, fault tree 
analysis, and failure modes and effects analysis, and to how they are coupled with engineering and test analysis for a 'synergistic 
picture' of the system. Some preliminary safety analysis results, showing the relationship between hazard identification, control 
or abatement, and finally control verification, are presented as examples of this safety process. 

AIAA 

Flight Safety; Hubble Space Telescope; NASA Space Programs; Orbital Servicing; Space Shuttle Missions 


14 

GROUND SUPPORT SYSTEMS AND FACILITIES (SPACE) 

Includes launch complexes, research and production facilities; ground support equipment, e.g., mobile transporters; and test 
chambers and simulators. Also includes extraterrestrial bases and supporting equipment. For related information see also 09 
Research and Support Facilities (Air). 

19980173949 

Dynamic real-time radioscopy of Space Shuttle reusable solid rocket motor during static firing 

Rogerson, D. J., U.S. Navy, Naval Air Warfare Center, USA; Jul. 1995; In English 
Report No.(s): AIAA Paper 95-2727; Copyright; Avail: Aeroplus Dispatch 

In 1993, engineers were tasked to investigate the cause of the pressure perturbations occurring in the Reusable Solid Rocket 
Motor (RSRM) following the deviation in the predicted pressure trace in STS-54. An initial fault tree analysis indicated that the 
most probable source for pressure perturbation in the RSRM was the expulsion of aluminum oxide slag accumulated between the 
submerged portion of the nozzle and the motor aft dome. Three static firings were completed using real-time radioscopy (RTR). 
The dynamic data from the RTR system, in conjunction with data from other instrumentation, strongly supported slag expulsion 
as the primary cause for pressure perturbations in the RSRM. 

Author (AIAA) 

Real Time Operation; Space Shuttles; Solid Propellant Rocket Engines; Rocket Firing; Reusable Rocket Engines; X Ray Imagery 


18 

SPACECRAFT DESIGN, TESTING AND PERFORMANCE 

Includes satellites; space platforms; space stations; spacecraft systems and components such as thermal and environmental 
controls; and spacecraft control and stability characteristics. For life support systems, see 54 Man/System Technology and Life 
Support. For related information, see also 05 Aircraft Design, Testing and Performance, 39 Structural Mechanics, and 16 Space 
Transportation and Safety. 

19930016042 NASA, Washington, DC, USA 

Tethered Satellite System Contingency Investigation Board Final Report 
Nov 6, 1992; 51p; In English 

Report No.(s): NASA-TM-108704; NAS 1.15:108704; Avail: CASI; A04, Hardcopy; A01, Microfiche 

The Tethered Satellite System (TSS-1) was launched aboard the Space Shuttle Atlantis (STS-46) on July 31, 1992. During 
the attempted on-orbit operations, the Tethered Satellite System failed to deploy successfully beyond 256 meters. The satellite 
was retrieved successfully and was returned on August 6, 1992. The National Aeronautics and Space Administration (NASA) 
Associate Administrator for Space Flight formed the Tethered Satellite System (TSS-1) Contingency Investigation Board on 
August 12, 1992. The TSS-1 Contingency Investigation Board was asked to review the anomalies which occurred, to determine 
the probable cause, and to recommend corrective measures to prevent recurrence. The board was supported by the TSS Systems 
Working group as identified in MSFC-TSS-11-90, 'Tethered Satellite System (TSS) Contingency Plan'. The board identified five 
anomalies for investigation: initial failure to retract the U2 umbilical; initial failure to flyaway; unplanned tether deployment stop 
at 179 meters; unplanned tether deployment stop at 256 meters; and failure to move tether in either direction at 224 meters. Initial 
observations of the returned flight hardware revealed evidence of mechanical interference by a bolt with the level wind mechanism 
travel as well as a helical shaped wrap of tether which indicated that the tether had been unwound from the reel beyond the travel 
by the level wind mechanism. Examination of the detailed mission events from flight data and mission logs related to the initial 
failure to flyaway and the failure to move in either direction at 224 meters, together with known preflight concerns regarding slack
tether, focused the assessment of these anomalies on the upper tether control mechanism. After the second meeting, the board 
requested the working group to complete and validate a detailed integrated mission sequence to focus the fault tree analysis on 
a stuck U2 umbilical, level wind mechanical interference, and slack tether in upper tether control mechanism and to prepare a 
detailed plan for hardware inspection, test, and analysis including any appropriate hardware disassembly. 

Author 

Failure Analysis; Space Shuttle Payloads; Spaceborne Experiments; Tethered Satellites; Tethering

19940021785 NASA Ames Research Center, Moffett Field, CA, USA 

Simulation modeling for long duration spacecraft control systems 

Boyd, Mark A., NASA Ames Research Center, USA; Bavuso, Salvatore J., NASA Langley Research Center, USA; NASA.
Langley Research Center, Selected Topics in Robotics for Space Exploration; Dec 1, 1993, pp. p 213-221; In English; See also 
N94-26278 07-12; Avail: CASI; A02, Hardcopy; A03, Microfiche 

The use of simulation is described and it is contrasted to analytical solution techniques for evaluation of analytical reliability 
models. The role importance sampling plays in simulation of models of this type was also discussed. The simulator tool used for 
our analysis is described. Finally, the use of the simulator tool was demonstrated by applying it to evaluate the reliability of a fault 
tolerant hypercube multiprocessor intended for spacecraft designed for long duration missions. The reliability analysis was used 
to highlight the advantages and disadvantages offered by simulation over analytical solution of Markovian and non-Markovian 
reliability models. 

Author (revised) 

Fault Tolerance; Fault Trees; Hypercube Multiprocessors; Long Duration Space Flight; Mathematical Models; Reliability 
Analysis 

19960047783 Naval Postgraduate School, Monterey, CA USA 

Critical Failure Mode Analysis of The Petite Amateur Navy Satellite (PANSAT)

Alldridge, David W., Naval Postgraduate School, USA; Sep. 1995; 174p; In English
Report No.(s): AD-A303881; No Copyright; Avail: CASI; A08, Hardcopy; A02, Microfiche

System reliability analysis is an essential element in the design process. A reliability study should proceed from system
inception through final deployment. As the PANSAT project approaches the final design stage and begins initial flight production, 
the absence of any significant reliability analysis becomes increasingly troubling. This thesis initiates the program’s reliability 
analysis obligation by investigating spacecraft failure modes. Typically referenced as critical failure modes, these events will 
cause complete and permanent system failure. A reliability analysis tool, called Fault Tree Analysis (FTA), is used to conduct a 
systematic review of current hardware design architecture to expose potential critical failure points or weak links. The analytical 
result is a Boolean logic tree that describes critical failure events and all the potential causes. This causal output relationship 
describes each component failure (i.e., single point failures), or component failure combinations (i.e., multi-point failures), which
could cause the undesirable failure event, or Top Event. The fault tree will provide design engineers and management personnel 
with an effective tool and reference point from which to implement design modifications to circumvent potential problems. 

DTIC

Systems Analysis; Reliability Analysis; Deployment; Failure Modes; System Failures; Logic 


20 

SPACECRAFT PROPULSION AND POWER 

Includes main propulsion systems and components, e.g., rocket engines; and spacecraft auxiliary power sources. For related 
information, see also 07 Aircraft Propulsion and Power; 28 Propellants and Fuels; 15 Launch Vehicles and Launch Operations; and 44 
Energy Production and Conversion. 


19740060462 

The case for digital techniques applied to powerplant controls

Evans, J. F. O., Smiths Industries, Ltd., UK; Jan 1, 1974; 20p; In English; Symposium on the Application of Electrical Control 
to Aircraft Propulsion Systems, February 20-21, 1974, London; See also A74-43201 22-28; Avail: Issuing Activity 

The present work argues for the application of digital computing techniques to on-line powerplant control in aircraft. The 
analysis is based on the cost effectiveness of digital control techniques and hardware solutions in the light of the particular 
problems associated with aircraft engine control. The use of digital systems with their ability to change programs easily and 
cheaply during development permits important decisions to be delayed until the necessary data to base them on becomes available.
The computer in a digital system can be employed for overall system check-out, thus avoiding the necessity for separate 
equipment at dispersed sites and additional connectors for ground check equipment. Digital systems reduce the number and 
frequency of control setting adjustments, thus improving aircraft availability and maintainability. The application of Fault Tree 
Analysis is illustrated for a hypothetical analysis of a VTOL aircraft. 

AIAA 

Aircraft Engines; Digital Techniques; Engine Control; Numerical Control 


19850010853 Naval Weapons Center, China Lake, CA, USA 

Calculation through Fault Tree Analysis of the probability of a warhead being armed prior to launch 

Stefan, G., Jr., Naval Weapons Center, USA; Spille, F., Naval Weapons Center, USA; APL The 1984 JANNAF Propulsion
Systems Hazards Subcomm. Meeting, Vol. 1; Jun 1, 1984, pp. p 1-7; In English; See also N85-19162 10-28
Report No.(s): AD-P004339; Avail: Issuing Activity

This paper is presented to illustrate the usefulness of Fault Tree Analysis (FTA), which, when quantified can yield the 
probability of occurrence of a given undesired event. A Fault Tree is a symbolic logic diagram which provides the deductive 
analytical means to identify failure modes contributing to the occurrence of the undesired event. As an illustrative example, an 
analysis was performed to assess the design safety of the MK 76 MOD 0 Safety-Arming (S-A) device, which is used on Standard 
Missile SM-1 Block VI. This analysis was performed with the primary intent of determining the various scenarios leading to an 
armed prior to launch event. These scenarios are made possible only by the assumed failure, or assumed bypassing, of the safety 
interlocks in the S-A device. 

DTIC 

Fault Trees; Fuses (Ordnance); Warheads 


19920066467 

Tutorial on nuclear thermal propulsion safety for Mars

Buden, David, Idaho National Engineering Laboratory, USA; Jul 1, 1992; 15p; In English

Contract(s)/Grant(s): DE-AC07-76ID-01570

Report No.(s): AIAA PAPER 92-3696; Avail: Issuing Activity

A range of safety topics related to the use of nuclear thermal propulsion (NTP) are examined including risk and safety analysis 
methodologies, NERVA reliability, and life-cycle risk assessments. A list of goals for the safe use of NTP is given which includes 
low radiation levels, avoiding unplanned core destruction, and preventing inadvertent criticality. Safety analysis and failure-mode 
analysis for NTP are illustrated by means of the fault tree analysis, event tree analysis, failure modes and effects analysis, and 
preliminary hazards analysis. Data from the NERVA propulsion program show that safety requirements built into the NTP engine 
are important for diagnostic and preventive assessments. Other key issues affecting the safety of an NTP program encompass 
precautions at the launch pad, crew isolation from reactor radiation, flight operations safety, and final disposal of the NTP engines 
and wastes. 

AIAA 

Failure Modes; Flight Safety; Mars (Planet); Nuclear Engine For Rocket Vehicles; Nuclear Propulsion; Space Exploration 


19930017833 NASA Lewis Research Center, Cleveland, OH, USA 

Reliability studies of integrated modular engine system designs 

Hardy, Terry L., NASA Lewis Research Center, USA; Rapp, Douglas C., Sverdrup Technology, Inc., USA; Jun 1, 1993; 19p; In
English; 29th; Joint Propulsion Conference and Exhibit, 28-30 Jun. 1992, Monterey, CA, USA; Sponsored by AIAA 
Contract(s)/Grant(s): RTOP 468-02-11 

Report No.(s): NASA-TM-106178; E-7774; NAS 1.15:106178; AIAA PAPER 93-1886; Avail: CASI; A03, Hardcopy; A01, 
Microfiche 

A study was performed to evaluate the reliability of Integrated Modular Engine (IME) concepts. Comparisons were made 
between networked IME systems and non-networked discrete systems using expander cycle configurations. Both redundant and 
non-redundant systems were analyzed. Binomial approximation and Markov analysis techniques were employed to evaluate total 
system reliability. In addition, Failure Modes and Effects Analyses (FMEA), Preliminary Hazard Analyses (PHA), and Fault Tree
Analysis (FTA) were performed to allow detailed evaluation of the IME concept. A discussion of these system reliability concepts
is also presented. 

Author 

Engine Design; Failure Analysis; Failure Modes; Fault Trees; Modularity; Propulsion System Configurations; Reliability 
Analysis; Rocket Engine Design 


19930065762 NASA Lewis Research Center, Cleveland, OH, USA 

Reliability studies of Integrated Modular Engine system designs 

Hardy, Terry L., NASA Lewis Research Center, USA; Rapp, Douglas C., Sverdrup Technology, Inc., USA; Jun 1, 1993, pp. 18 
p.; In English; 29th; AIAA, SAE, ASME, and ASEE, Joint Propulsion Conference and Exhibit, June 28-30, 1993, Monterey, CA, 
USA; Sponsored by AIAA; Previously announced in STAR as N93-27022 
Report No.(s): AIAA PAPER 93-1886; Copyright; Avail: Issuing Activity

A study was performed to evaluate the reliability of Integrated Modular Engine (IME) concepts. Comparisons were made 
between networked IME systems and non-networked discrete systems using expander cycle configurations. Both redundant and 
non-redundant systems were analyzed. Binomial approximation and Markov analysis techniques were employed to evaluate total 
system reliability. In addition, Failure Modes and Effects Analyses (FMEA), Preliminary Hazard Analyses (PHA), and Fault Tree 
Analysis (FTA) were performed to allow detailed evaluation of the IME concept. A discussion of these system reliability concepts 
is also presented. 

Engine Design; Failure Analysis; Failure Modes; Fault Trees; Modularity; Propulsion System Configurations; Reliability 
Analysis; Rocket Engine Design 


19940024900 NASA Lewis Research Center, Cleveland, OH, USA 

Rocket engine system reliability analyses using probabilistic and fuzzy logic techniques 

Hardy, Terry L., NASA Lewis Research Center, USA; Rapp, Douglas C., NASA Lewis Research Center, USA; Apr 1, 1994; 18p; 
In English; 30th; Joint Propulsion Conference, 27-29 Jun. 1994, Indianapolis, IN, USA; Sponsored by AIAA, ASME, SAE, and 
ASEE 

Contract(s)/Grant(s): RTOP 506-42-72 

Report No.(s): NASA-TM-106519; E-8640; NAS 1.15:106519; AIAA PAPER 94-2750; Avail: CASI; A03, Hardcopy; A01,
Microfiche 

The reliability of rocket engine systems was analyzed by using probabilistic and fuzzy logic techniques. Fault trees were 
developed for integrated modular engine (IME) and discrete engine systems, and then were used with the two techniques to 
quantify reliability. The IRRAS (Integrated Reliability and Risk Analysis System) computer code, developed for the U.S. Nuclear 
Regulatory Commission, was used for the probabilistic analyses, and FUZZYFTA (Fuzzy Fault Tree Analysis), a code developed 
at NASA Lewis Research Center, was used for the fuzzy logic analyses. Although both techniques provided estimates of the 
reliability of the IME and discrete systems, probabilistic techniques emphasized uncertainty resulting from randomness in the 
system whereas fuzzy logic techniques emphasized uncertainty resulting from vagueness in the system. Because uncertainty can 
have both random and vague components, both techniques were found to be useful tools in the analysis of rocket engine system 
reliability. 

Author (revised) 

Engine Failure; Fault Trees; Fuzzy Systems; Probability Distribution Functions; Reliability; Reliability Analysis; Rocket Engines 


19980025783 

Current and emerging technology for powering small satellites with secondary cells and batteries 

Klein, G. C., Gates Aerospace Batteries, USA; Schmidt, D. F., Gates Aerospace Batteries, USA; 1993; In English; Copyright; 
Avail: Aeroplus Dispatch 

A generic discussion is presented of cell and battery technologies of 17 A-H capacity and below for application in the 
emerging small satellite market. Attention is given to NiCd technology, NiMH technology, NiH2 planar cell and battery design 
concepts. Reliability analyses and assessments, analysis of failure modes and effects and criticality, fault tree analysis, design 
tradeoffs and simplifications, cell assembly improvements, volume and mass reductions are considered. 

AIAA 

Small Scientific Satellites; Spacecraft Power Supplies; Electric Batteries; Technology Utilization; Design Analysis 

19980071382

Study of synthetic analysis on design reliability of a liquid rocket engine 

Kuang, Wuyue, Shaanxi Engine Design Inst., China; Tan, Songlin, Shaanxi Engine Design Inst., China; Journal of Propulsion 
Technology; Oct. 1997; ISSN 1001-4055; Volume 18, no. 5, pp. 9-12; In Chinese; Copyright; Avail: Aeroplus Dispatch 

A synthetic analysis on the design reliability of a liquid rocket engine is presented. A rigorous yet practicable approach for 
evaluating engine reliability during the conceptual study phase is put forward. The approach uses the proven reliability methods 
of reliability modeling analysis, Failure Modes and Effects Analysis (FMEA), failure data analysis, and Fault Tree Analysis (FTA) 
to estimate the probability of mission success at the vehicle level for different engine designs. An example is provided in which 
the approach is used to evaluate an engine design concept. 

Author (AIAA) 

Liquid Propellant Rocket Engines; Rocket Engine Design; Reliability Analysis; Engine Failure; Fault Trees 


19980148550 

The fault tree analysis on system reliability on solid rocket motor design 

Fang, Guoyao, Beijing Univ. of Aeronautics and Astronautics, China; Ma, Zhibo, Beijing Univ. of Aeronautics and Astronautics, 
China; Tang, Zhidong, Beijing Univ. of Aeronautics and Astronautics, China; Sun, Zhexi, Beijing Univ. of Aeronautics and 
Astronautics, China; Journal of Propulsion Technology; Oct. 1994; ISSN 1001-4055, no. 5, pp. 28-33; In Chinese; Copyright; 
Avail: Aeroplus Dispatch 

A fault tree analysis is carried out based on a real air-air missile solid rocket motor. Thus, the frame figure of system reliability, 
the fault tree analysis, and structure functions are developed, and the reliability is predicted. The results show that the model 
developed is correct and available for other solid rocket motors. 

Author (AIAA) 

Solid Propellant Rocket Engines; Fault Trees; Rocket Engine Design; Reliability Analysis 

19980188713 

Rocket engine system reliability analyses using probabilistic and fuzzy logic techniques

Hardy, Terry L., NASA Lewis Research Center, USA; Rapp, Douglas C., Sverdrup Technology, Inc., USA; Jun. 1994; In English 
Report No.(s): AIAA Paper 94-2750; Copyright; Avail: Aeroplus Dispatch 

The reliability of rocket engine systems was analyzed by using probabilistic and fuzzy logic techniques. Fault trees were 
developed for Integrated Modular Engine (IME) and Discrete engine systems, and then were used with the two techniques to 
quantify reliability. The IRRAS (Integrated Reliability and Risk Analysis System) computer code, developed for the U.S. Nuclear 
Regulatory Commission, was used for the probabilistic analyses, and FUZZYFTA (Fuzzy Fault Tree Analysis), a code developed 
at NASA Lewis Research Center, was used for the fuzzy logic analyses. Although both techniques provided estimates of the 
reliability of the IME and Discrete systems, probabilistic techniques emphasized uncertainty resulting from randomness in the 
system whereas fuzzy logic techniques emphasized uncertainty resulting from vagueness in the system. Because uncertainty can 
have both random and vague components, both techniques were found to be useful tools in the analysis of rocket engine system 
reliability. 

Author (AIAA) 

Rocket Engines; Reliability Analysis; Fuzzy Systems; Logic Programming; Systems Integration; Fault Trees 


19990038408 

Propellants, explosives, rockets, and guns; Proceedings of the 2nd International High Energy Materials Conference and 
Exhibit, Indian Inst. of Technology, Chennai, India, Dec. 8-10, 1998

1998; In English; ISBN 81-7023-885-4; Copyright; Avail: AIAA Dispatch

The papers presented in this volume are grouped under the following headings: ballistics; combustion; energetic material
chemistry; explosives and igniters; hazards, safety, and implementation; measurement technology; and reactive systems 
modeling. Specific topics discussed include development of large solid propulsion systems for launch vehicles; high muzzle 
velocity guns; combustion of high energy heterogeneous condensed systems; low temperature behavior of polymeric systems 
used in rocket motors; and performance of metallized liquid propellants. Papers are also included on studies of the ignition 
characteristics of boron-potassium nitrate pellets; fault tree analysis of powder compaction in fuel rich propellant processing; 
neutron radiography of pyrodevices used in spacecraft; and underwater ignition of a solid propellant system. 

AIAA 

Conferences; Rocket Propellants; Explosives; Guns (Ordnance); Propellant Combustion; Propellant Properties 

19990104529

Application of quantitative hazard analysis technique in mixing operations of high energy materials 

Jain, A. K., Cent. for Environment & Explosives Safety, India; Rajagopal, C.; Defence Science Journal; Jan. 1999; ISSN
0011-748X; Volume 49, no. 1, pp. 19-26; In English; Copyright; Avail: Issuing Activity 

Production of composite propellants involves a variety of operations, of which mixing of various ingredients is a key step. 
Given the intrinsically hazardous nature of many of these ingredients, mixing operation, which is carried out in a stepwise manner 
with carefully weighed ratios of the reactants and under controlled conditions, is one of the hazardous steps in the production 
process. In this paper, quantitative assessment of the hazards involved in such a mixing operation has been carried out using 
fault-tree analysis technique to identify all the possible basic event combinations which could lead to the occurrence of a selected 
’top event’, such as fire or explosion in the mixer building. Measures to improve the safety features in the mixer building are also 
suggested. 

Author (El) 

Solid Propellants; Mixing; Assessments; Risk; Accident Prevention 


23 

CHEMISTRY AND MATERIALS (GENERAL) 

Includes general research topics related to the composition, properties, structure, and use of chemical compounds and materials as 
they relate to aircraft, launch vehicles, and spacecraft. For specific topics in chemistry and materials see categories 24 through 29. 
For astrochemistry see category 90 Astrophysics. 

19910032228 NASA White Sands Test Facility, NM, USA 

Flammability and sensitivity of materials in oxygen-enriched atmospheres; Proceedings of the Fourth International
Symposium, Las Cruces, NM, Apr. 11-13, 1989. Volume 4 

Stoltzfus, Joel M., editor, NASA White Sands Test Facility, USA; Benz, Frank J., editor, NASA White Sands Test Facility, USA;
Stradling, Jack S., editor, NASA White Sands Test Facility, USA; Jan 1, 1989; 426p; In English; 4th; International Symposium 
on Flammability and sensitivity of materials in oxygen-enriched atmospheres, Apr. 11-13, 1989, Las Cruces, NM, USA; 
Sponsored by ASTM 

Report No.(s): ASTM STP-1040; Copyright; Avail: Issuing Activity

The present volume discusses the ignition of nonmetallic materials by the impact of high-pressure oxygen, the promoted 
combustion of nine structural metals in high-pressure gaseous oxygen, the oxygen sensitivity/compatibility ranking of several 
materials by different test methods, the ignition behavior of silicon greases in oxygen atmospheres, fire spread rates along 
cylindrical metal rods in high-pressure oxygen, and the design of an ignition-resistant, high pressure/temperature oxygen valve. 
Also discussed are the promoted ignition of oxygen regulators, the ignition of PTFE-lined flexible hoses by rapid pressurization 
with oxygen, evolving nonswelling elastomers for high-pressure oxygen environments, the evaluation of systems for oxygen 
service through the use of the quantitative fault-tree analysis, and oxygen-enriched fires during surgery of the head and neck. 

AIAA

Conferences; Controlled Atmospheres; Flammability; Liquid Oxygen; Materials Science; Oxygen Tension 


24 

COMPOSITE MATERIALS 

Includes physical, chemical, and mechanical properties of laminates and other composite materials. 


19770045905 

A qualitative fault tree analysis for the tensile failure of fibrous laminated composites 

Masters, J. E.; Yeow, Y. T.; Louthan, M. R., Jr.; Reifsnider, K. L.; Brinson, H. F., Virginia Polytechnic Institute and State 
University, USA; Composites; Apr 1, 1977; 8, pp. Apr. 197; In English; p. 111-117; Copyright; Avail: Issuing Activity 

A fault tree is referred to as a graphical technique that provides a systematic description of the combinations of possible 
occurrences in a system which can result in a fault or undesirable event. It is shown that by defining the failure of a structure as 
the undesirable event, one can apply a fault tree to determine the pertinent underlying factors and their interrelations. A qualitative 
fault tree technique is proposed for examining the static tensile failure of a fibrous composite laminate. The technique is suitable
for relating the basic micromechanical mechanisms to the macroscopic events of delamination and oblique/transverse failure.

AIAA

Carbon Fiber Reinforced Plastics; Failure Analysis; Laminates; Tensile Tests; Trees (Mathematics) 


25 

INORGANIC, ORGANIC AND PHYSICAL CHEMISTRY 

Includes the analysis, synthesis, and use of inorganic and organic compounds; combustion theory; electrochemistry; and
photochemistry. For related information see also 34 Fluid Dynamics and Thermodynamics. For astrochemistry see category 90
Astrophysics. 

19800072749 California Univ., Berkeley. Lawrence Berkeley Lab, CA, USA 

Application of fault tree analysis to ignition of fire 

Ling, W. C. T., California Univ., USA; Williamson, R. B., California Univ., USA; Oct 1, 1978; 23p; In English 
Contract(s)/Grant(s): W-7405-ENG-48 

Report No.(s): LBL-8297; CONF-781060-1; Avail: CASI; A03, Hardcopy, Microfiche
No abstract. 

Failure Analysis; Fault Trees; Fire Damage; Fires; Flame Propagation; Ignition 


31 

ENGINEERING (GENERAL) 

Includes general research topics related to engineering and applied physics, and particular areas of vacuum technology, industrial
engineering, cryogenics, and fire prevention. For specific topics in engineering see categories 32 through 39. 


19790049590 

A method of schedule acceleration for system safety programs

Lemon, G. H., General Dynamics Corp., USA; Jan 1, 1979; 6p; In English; 16th; Survival and Flight Equipment Association, 
Annual Symposium, October 8-12, 1978, San Diego, CA; See also A79-33601 13-03; Copyright; Avail: Issuing Activity 

The principal advantage of an accelerated program is that the cost of redesign and retrofit for safety improvement is 
minimized. Current fault tree analysis provides its greatest payoff after retrofit becomes expensive. This paper presents a method 
for solving this problem: It is suggested that subsystem hazard analysis data be purchased from equipment suppliers and fault tree 
logic allocation be developed concurrently with data preparation. 

AIAA 

Human Factors Engineering; Project Management; Safety Management; Work Capacity 

19810034877 

An example of predictive rather than responsive safety research for fusion energy systems 

Alvares, N. J.; Hasegawa, H. K., California, University, USA; Jan 1, 1979; 6p; In English; 8th; Symposium on Engineering 
Problems of Fusion Research, November 13-16, 1979, San Francisco, CA; See also A81-18901 06-75 
Contract(s)/Grant(s): W-7405-ENG-48; Copyright; Avail: Issuing Activity 

A fault tree analysis is used to study the fire-management system of fusion experiments. The technique is shown to identify
failure modes of the existing system components and indicate the possible effects of component failure in the event of fire in the 
protected spaces. The results of the initial analytical phase of the project are presented together with critical unknown parameters 
required for further analysis. 

AIAA 

Fusion Reactors; Nuclear Research; Reactor Safety; Safety Management 

19860011164 IIT Research Inst., Chicago, IL, USA

Total system hazards analysis for the western area demilitarization facility 

Pape, R., IIT Research Inst., USA; Mniszewski, K., IIT Research Inst., USA; Swider, E., IIT Research Inst., USA; Department 
of Defense Explosives Safety Board Minutes of the 21st Explosives Safety Seminar, Volume 2; Aug 1, 1984, pp. p 1529-1551; 
In English; See also N86-20623 11-31 
Report No.(s): AD-P004894; Avail: CASI; A03, Hardcopy; A10, Microfiche

The results of a hazards analysis of the Western Area Demilitarization facility (WADF) at Hawthorne, Nevada are 
summarized. An overview of the WADF systems, the hazards analysis methodology that was applied, a general discussion of the 
fault tree analysis results, and a compilation of the conclusions and recommendations for each area of the facility are given. 

CASI

Disposal; Explosives; Hazards; Systems Analysis 


19910032248 

Evaluating systems for oxygen service through the use of quantitative fault tree analysis 

Santay, Anthony J., Air Products and Chemicals, Inc., USA; Jan 1, 1989; 10p; In English; 4th; International Symposium on
Flammability and sensitivity of materials in oxygen-enriched atmospheres, Apr. 11-13, 1989, Las Cruces, NM, USA; Sponsored 
by ASTM; See also A91-16851; Copyright; Avail: Issuing Activity 

In the event of a process plant upset, systems not normally intended for use in oxygen service may be suddenly subject to 
an oxygen-enriched atmosphere. If the upset condition occurs frequently, a conservative approach would be to design all 
components as if they were normally in oxygen service. As an alternative, one could calculate the probability of the upset condition 
to quantitatively assess the risk and recommend corrective measures to further reduce the risk. Quantified fault tree techniques 
are used to determine a system’s compatibility when exposed to oxygen in this manner. 

AIAA 

Controlled Atmospheres; Fault Trees; Flammability; High Pressure Oxygen; Oxygen Supply Equipment 


19930049795 

The safety of process automation 

Toola, A., Technical Research Centre of Finland, USA; Automatica; March 1993; ISSN 0005-1098; 29, 2, pp. 541-548.; In 
English; Copyright; Avail: Issuing Activity 

The effect of automation on process safety is examined. The methods of safety analysis can be applied during the designing 
stages of safe process automation. The hazard and operability study makes it possible to take into account the potential process 
disturbances and to develop countermeasures. Action error analysis studies the consequences of potential human errors in task 
execution. Fault tree analysis can be used to study the causes of potential accidents and to examine the control actions suitable 
for providing protection against them thereby reducing the probability of accidents. Event tree analysis is a method for considering 
the consequences of potential hazardous situations and for developing countermeasures to reduce such consequences. Failure 
mode and effect analysis is a method for checking that the potential failures of the control and automation system are not 
overlooked. Reliability assessment can be used with safety analysis methods to study the bottlenecks in the design and to prioritize 
the countermeasures whereby the risk can be reduced to attain an acceptable level. 

AIAA 

Automation; Process Control (Industry); Safety 


19950056419 NASA Goddard Space Flight Center, Greenbelt, MD, USA 

Making the Hubble Space Telescope servicing mission safe 

Bahr, N. J., Hernandez Engineering, Inc., USA; Depalo, S. V., Hernandez Engineering, Inc., USA; 1992; ISSN 0278-4017, pp. 
: Composite material; In English; See also A95-88012 
Contract(s)/Grant(s): NAS5-30917; Copyright; Avail: Issuing Activity 

This paper will detail how the Hubble Space Telescope (HST) system safety program is conducted. Numerous safety analyses 
are conducted through the various phases of design, test, and fabrication, and results are presented to NASA management for 
discussion during dedicated safety reviews. This paper will then address the system safety assessment and risk analysis 
methodologies used (i.e. hazard analysis, fault tree analysis, and failure modes and effects analysis), and how they are coupled 
with engineering and test analyses for a 'synergistic picture' of the system. Some preliminary safety analysis results, showing the
relationship between hazard identification, control or abatement, and finally control verification, will be presented as examples 
of this safety process. 

Author (Herner) 

Aerospace Safety; Hubble Space Telescope; Orbital Servicing; Risk; Space Maintenance 

32

COMMUNICATIONS AND RADAR 


Includes radar; radio, wire, and optical communications; land and global communications; communications theory. For related 
information see also 04 Aircraft Communications and Navigation; and 17 Space Communications, Spacecraft Communications, 
Command and Tracking; for search and rescue see 03 Air Transportation and Safety, and 16 Space Transportation and Safety. 

19970001445 Sandia National Labs., Risk Assessment and Systems Modeling., Albuquerque, NM USA

Risk and Reliability Assessment for Telecommunications Networks 

Wyss, Gregory D., Sandia National Labs., USA; Schriner, Heather K., Sandia National Labs., USA; Gaylor, Timothy R., Sandia
National Labs., USA; 1996; 9p; In English; Probabilistic Safety Assessment - Moving Toward Risk Based Regulation, 29 Sep. 
1996 - 3 Oct. 1996, Park City, UT, USA 
Contract(s)/Grant(s): DE-AC04-94AL-85000 

Report No.(s): SAND-96-1543C; CONF-960912-8; DE96-011708; No Copyright; Avail: Issuing Activity (Department of Energy 
(DOE)), Microfiche 

Sandia National Laboratories has assembled an interdisciplinary team to explore the applicability of probabilistic logic 
modeling (PLM) techniques to model network reliability for a wide variety of communications network architectures. The authors 
have found that the reliability and failure modes of current generation network technologies can be effectively modeled using fault 
tree PLM techniques. They have developed a ’plug-and-play’ fault tree analysis methodology that can be used to model 
connectivity and the provision of network services in a wide variety of current generation network architectures. They have also 
developed an efficient search algorithm that can be used to determine the minimal cut sets of an arbitrarily-interconnected 
(non-hierarchical) network without the construction of a fault tree model. This paper provides an overview of these modeling 
techniques and describes how they are applied to networks that exhibit hybrid network structures (i.e., a network in which some 
areas are hierarchical and some areas are not hierarchical). 

DOE 

Risk; Reliability; Fault Trees; Computer Networks; Information Systems; Data Transfer (Computers) 

19980047381 Department of the Navy, Washington, DC USA 
Constant False Probability Data Fusion System 

Pawlak, Robert J., Inventor, Department of the Navy, USA; Aug. 26, 1997; 6p; In English; Supersedes 
US-Patent-Appl-SN-972339, AD-DO 15624. 

Patent Info.: Filed 6 Nov. 1992; US-Patent-Appl-SN-972339; US-Patent-5,661,666 

Report No.(s): AD-D018729; No Copyright; Avail: US Patent and Trademark Office, Microfiche 

A system for determining whether a given phenomenon has occurred based on multiple sensor decisions is provided. Each 
sensor samples input data and attempts to decide if the given phenomenon exists. These sensor decisions are provided to the data 
fusion processor. The data fusion processor uses a sum of the sensor decisions multiplied by a logarithmic gain indicating the 
relative reliability of each sensor to generate a test existence metric. The test existence metric is compared to two threshold limits. 
The results of this comparison are used to provide a final decision indicating the existence of the given phenomenon. An 
optimization is used to determine the threshold values used in the threshold table to guarantee that the false alarm rate and the data 
fusion processor is constant, even in cases where data from some sensor is missing. 

DTIC 

Data Processing Equipment; Multisensor Fusion; Probability Theory 


33 

ELECTRONICS AND ELECTRICAL ENGINEERING 

Includes development, performance, and maintainability of electrical/electronic devices and components; related test equipment, 
and microelectronics and integrated circuitry. For related information see also 60 Computer Operations and Hardware; and 76 
Solid-State Physics. For communications equipment and devices see 32 Communications and Radar. 


19860048102 

General methodologies for assessing EMI/EMC in complex electronic circuits and systems 

Slauson, W. E.; Lessard, B. L.; Hurley, M. T.; Bossart, R. K., Sanders Associates, Inc., USA; Paludi, G. A., Jr., USAF, Rome Air 
Development Center, USA; Jan 1, 1985; 2p; In English; See also A86-32801 
Contract(s)/Grant(s): F30602-82-C-0174; Copyright; Avail: Issuing Activity 
This paper introduces the procedures for utilizing two techniques, namely Fault Tree Analysis (FTA) and Electromagnetic 
Effects Criticality Analysis (EMECA), for assessing EMI/EMC in complex electronic circuits and systems. Application of these 
techniques is demonstrated by means of examples where, because of the use of digital, high-speed, high-density integrated circuit 
technologies, EMI/EMC assessments by traditional deterministic methods are inappropriate. The results illustrate the probability 
of achieving EMC while accounting for the statistical nature of EMI. 

AIAA 

Electromagnetic Compatibility; Electromagnetic Interference; Electromagnetic Noise; Electronic Equipment Tests; Fault Trees; 
Integrated Circuits 

19880001643 Johns Hopkins Univ., Space Reliability Group., Laurel, MD, USA 

Fault tree safety analysis of a large Li/SOCl(sub)2 spacecraft battery 

Uy, O. Manuel, Johns Hopkins Univ., USA; Maurer, R. H., Johns Hopkins Univ., USA; NASA Goddard Space Flight Center, 
Greenbelt, Md. The 1986 Goddard Space Flight Center Battery Workshop; Sep 1, 1987, pp. p 93-119; In English; See also 
N88-11021 02-33; Avail: CASI; A03, Hardcopy; A03, Microfiche 

The results of the safety fault tree analysis on the eight module, 576 F cell Li/SOCl2 battery on the spacecraft and in the 
integration and test environment prior to launch on the ground are presented. The analysis showed that with the right combination 
of blocking diodes, electrical fuses, thermal fuses, thermal switches, cell balance, cell vents, and battery module vents the 
probability of a single cell or a 72 cell module exploding can be reduced to .000001, essentially the probability due to explosion 
for unexplained reasons. 

B.G. 

Electrochemistry; Failure Analysis; Fault Trees; Lithium Sulfur Batteries; Requirements 

19910007993 Sandia National Labs., Albuquerque, NM, USA 
Lithium battery safety and reliability 

Levy, Samuel C., Sandia National Labs., USA; Jan 1, 1991; 12p; In English; 5th; International Seminar on Lithium Battery 
Technology and Applications, 4-8 Mar. 1991, Deerfield Beach, FL, USA 
Contract(s)/Grant(s): DE-AC04-76DP-00789 

Report No.(s): DE91-005800; SAND-91-0012C; CONF-910344-1; Avail: CASI; A03, Hardcopy; A01, Microfiche 

Lithium batteries have been used in a variety of applications for a number of years. As their use continues to grow, particularly 
in the consumer market, a greater emphasis needs to be placed on safety and reliability. There is a useful technique which can help 
to design cells and batteries having a greater degree of safety and higher reliability. This technique, known as fault tree analysis, 
can also be useful in determining the cause of unsafe behavior and poor reliability in existing designs. 

DOE 

Electric Batteries; Lithium; Reliability Engineering; Safety 


19980053939 

Combining functional and structural reasoning for safety analysis of electrical designs 

Price, C. J., Univ. of Wales, UK; Snooke, N.; Pugh, D. R.; Hunt, J. E.; Wilson, M. S.; Knowledge Engineering Review; Sep, 1997; 
ISSN 0269-8889; Volume 12, no. 3, pp. 271-287; In English; Copyright; Avail: Issuing Activity 

Increasing complexity of design in automotive electrical systems has been paralleled by increased demands for analysis of 
the safety and reliability aspects of those designs. Such demands can place a great burden on the engineers charged with carrying 
out the analysis. This paper describes how the intended functions of a circuit design can be combined with a qualitative model 
of the electrical circuit that fulfills the functions, and used to analyze the safety of the design. FLAME, an automated failure mode 
and effects analysis system based on these techniques, is described in detail. FLAME has been developed over several years, and 
is capable of composing an FMEA report for many different electrical subsystems. The paper also addresses the issue of how the 
use of functional and structural reasoning can be extended to sneak circuit analysis and fault tree analysis. 

Author (El) 

Failure Analysis; Failure Modes; Structural Analysis; Computer Techniques; Network Analysis; Artificial Intelligence; 
Human-Computer Interface 


19990068673 

Hybrid escalation mechanism for the efficient restoration of ATM networks 

Lee, Dong-Hee, Kyungpook Natl. Univ., Republic of Korea; Park, Jong-Tae; Lee, Kil-Haeng; Woo, Wang-Don; Computers & 
Industrial Engineering; Oct, 1998; ISSN 0360-8352; Volume 35, no. 1-2, pp. 279-282; In English; 1997 23rd International 
Conference on Computers and Industrial Engineering, Mar. 29-Apr. 1, 1997, Chicago, IL, USA; Copyright; Avail: Issuing 
Activity 

In this paper, we comparatively analyze the characteristics of various escalation mechanisms for the restoration of ATM 
networks. We propose a new escalation method, called hybrid escalation, which is able to restore the defective services according 
to the conditions of faults. Additionally, we propose the Telecommunication Management Network (TMN) based management 
architecture incorporating the escalation strategy. 

Author (El) 

Data Transmission 


19990093859 

Fault diagnosis of large scale analog circuits based on symbolic method 

Wei, T., The Hong Kong Polytechnic Univ., China; Wong, M. W. T.; Lee, Y. S.; Chinese Journal of Electronics; Oct, 1998; ISSN 
1022-4653; Volume 7, no. 4, pp. 395-399; In English; Copyright; Avail: Issuing Activity 

The problem of testing and diagnosis of large linear analog circuits has not been adequately addressed. In this paper, an 
effective procedure to test and diagnose faults in large scale linear analog circuits has been proposed. We first use large change 
sensitivity analysis to obtain the diagnostic voltages and currents. Decomposition technique is then applied and algorithms for 
isolation of faulty nodes, faulty connections and faulty subcircuits are proposed. Next the hardware overhead problem is 
considered and it leads to an optimization of test nodes. The circuit analysis is based on a new symbolic technique which is less 
costly than traditional method in terms of time complexity. We apply the proposed fault diagnosis technique to a benchmark circuit 
to demonstrate the efficiency of this method. 

Author (El) 

Electric Current; Electric Networks; Sensitivity; Algorithms 


37 

MECHANICAL ENGINEERING 

Includes mechanical devices and equipment; machine elements and processes. For cases where the application of a device or the 
host vehicle is emphasized see also the specific category where the application or vehicle is treated. For robotics see 63 
Cybernetics, Artificial Intelligence, and Robotics; and 54 Man/System Technology and Life Support. 

19720005773 Jet Propulsion Lab., California Inst. of Tech., Pasadena, CA, USA 
Reliability computation using fault tree analysis 

Chelson, P. O., Jet Propulsion Lab., California Inst. of Tech., USA; Dec 1, 1971; 23p; In English 
Contract(s)/Grant(s): NAS7-100 

Report No.(s): NASA-CR-124740; JPL-TR-32-1542; Avail: CASI; A03, Hardcopy; A01, Microfiche 

A method is presented for calculating event probabilities from an arbitrary fault tree. The method includes an analytical 
derivation of the system equation and is not a simulation program. The method can handle systems that incorporate standby 
redundancy and it uses conditional probabilities for computing fault trees where the same basic failure appears in more than one 
fault path. 

CASI 

Distribution Functions; Probability Theory; Reliability Engineering 

19740014961 California Univ., Operations Research Center., Berkeley, CA, USA 

Introduction to fault tree analysis 

Barlow, R. E., California Univ., USA; Purnendu, C., California Univ., USA; Dec 1, 1973; 48p; In English 

Contract(s)/Grant(s): N00014-69-A-0200-1036; F33615-73-C-4078 

Report No.(s): AD-774072; ORC-73-30; Avail: CASI; A03, Hardcopy; A01, Microfiche 

Fault tree analysis has proved to be a useful analytical tool for the reliability and safety analysis of complex systems. This 
is a semi-expository introduction to the mathematics of fault tree analysis. Many of the concepts of coherent structure theory have 
been used. Bounds on the system reliability when components are dependent (that is, are associated) are given. Algorithms to 
find the min-cut-sets and related bounds, together with various means for computing the probability of the Top Event are 
presented. Measures of event importance are discussed. Numerical examples are presented to illustrate the concepts. 

CASI 

Electrical Faults; Reliability Engineering; Statistical Distributions 
19930002773 Rice Univ., Dept. of Electrical and Computer Engineering., Houston, TX, USA 

Fault detection and fault tolerance in robotics 

Visinsky, Monica, Rice Univ., USA; Walker, Ian D., Rice Univ., USA; Cavallaro, Joseph R., Rice Univ., USA; NASA. Lyndon 
B. Johnson Space Center, Fifth Annual Workshop on Space Operations Applications and Research (SOAR 1991), Volume 1; Jan 
1, 1992, pp. p 262-271; In English; Sponsored in part by Mitre Corp. 

Contract(s)/Grant(s): NSF MIP-89-09498; NSF MSS-90-24391; Avail: CASI; A02, Hardcopy; A04, Microfiche 

Robots are used in inaccessible or hazardous environments in order to alleviate some of the time, cost and risk involved in 
preparing men to endure these conditions. In order to perform their expected tasks, the robots are often quite complex, thus 
increasing their potential for failures. If men must be sent into these environments to repair each component failure in the robot, 
the advantages of using the robot are quickly lost. Fault tolerant robots are needed which can effectively cope with failures and 
continue their tasks until repairs can be realistically scheduled. Before fault tolerant capabilities can be created, methods of 
detecting and pinpointing failures must be perfected. This paper develops a basic fault tree analysis of a robot in order to obtain 
a better understanding of where failures can occur and how they contribute to other failures in the robot. The resulting failure flow 
chart can also be used to analyze the resiliency of the robot in the presence of specific faults. By simulating robot failures and fault 
detection schemes, the problems involved in detecting failures for robots are explored in more depth. 

Author 

Algorithms; Component Reliability; Fault Detection; Fault Tolerance; Fault Trees; Redundancy Encoding; Robots 


19990036253 Department of Energy, Washington, DC USA 

Evaluation of spindle-shaft seizure accident sequences for the Schenck Dynamic Balancer 

Bott, T. F., Department of Energy, USA; Fischer, S. R., Department of Energy, USA; Dec. 31, 1998; 150p; In English 
Report No.(s): DE99-000574; LA-UR-98-1824; No Copyright; Avail: Department of Energy Information Bridge, Microfiche 
This study was conducted at the request of the USDOE/AL Dynamic Balancer Project Team to develop a set of representative 
accident sequences initiated by rapid seizure of the spindle shaft of the Schenck dynamic balancing machine used in the mass 
properties testing activities in Bay 12-60 at the Pantex Plant. This Balancer is used for balancing reentry vehicles. In addition, 
the study identified potential causes of possible spindle-shaft seizure leading to a rapid deceleration of the rotating assembly. These 
accident sequences extend to the point that the reentry vehicle either remains in stable condition on the balancing machine or leaves 
the machine with some translational and rotational motion. Fault-tree analysis was used to identify possible causes of 
spindle-shaft seizure, and failure modes and effects analysis identified the results of shearing of different machine components. 
Cause-consequence diagrams were used to help develop accident sequences resulting from the possible effects of spindle-shaft 
seizure. To make these accident sequences physically reasonable, the analysts used idealized models of the dynamics of rotating 
masses. Idealized physical modeling also was used to provide approximate values of accident parameters that lead to branching 
down different accident progression paths. The exacerbating conditions of balancing machine over-speed and improper assembly 
of the fixture to the face plate are also addressed. 

NTIS 

Test Facilities; Shafts (Machine Elements); Seizures; Fault Trees; Spindles; Balancing; Accidents 
QUALITY ASSURANCE AND RELIABILITY 

Includes approaches to, and methods for reliability analysis and control, inspection, maintainability, and standardization. 


19750008795 Lawrence Livermore National Lab., Livermore, CA, USA 

Fault tree analysis: An overview 

Lambert, H., Lawrence Livermore National Lab., USA; Aug 6, 1974; 17p; In English; Conf. on Reliability and Fault Tree 
Analysis, 3-4 Sep. 1974, Berkeley, CA, USA; Sponsored by AEC 

Report No.(s): UCRL-75904; CONF-740906-1; Avail: CASI; A03, Hardcopy; A01, Microfiche 
The construction, evaluation, and uses of the fault tree analysis of systems are discussed. 

NSA 

Safety Management; System Failures; Systems Analysis; Systems Engineering 
I, USA 

Reliability analysis on electronic circuits. Practical application of reliability predictions wit 
analysis and fault tree analysis palidelighedsanalyse af elektroniske kredslob. praktisk brug af palidelighedsforudsigelse samt 
brug af fejleffektanalyse og fejltraeanalyse 

Hogsholm, A., USA; Nov 1, 1974; 61p; In Danish 

Report No.(s): ECR-46; Avail: CASI; A04, Hardcopy; A01, Microfiche 

Two phases in the design of a reliable electronic circuit are treated. In the first phase the aim is to estimate the circuit reliability 
and if the latter is not sufficient, advise how the reliability can be improved. The circuit reliability is computed using parts count 
technique and reliability block diagrams. In the second phase, the effects of component failures that will occur are investigated. 
In applying failure mode effect analysis and fault tree analysis the critical failures are found. Some general rules for avoiding 
critical failures are presented and examples showing the use of these are given. 

CASI 

Circuit Diagrams; Failure Analysis; Reliability Engineering 


19750019337 California Univ., Operations Research Center., Berkeley, CA, USA 
Fault tree analysis; Reliability theory and systems safety analysis 
Chatterjee, R, California Univ., USA; Nov 1, 1974; 130p; In English 
Contract(s)/Grant(s): N00014-69-A-0200-1036; F33615-73-C-4078; NR PROJ. 042-238 
Report No.(s): AD-A004209; ORC-74-34; Avail: CASI; A07, Hardcopy; A02, Microfiche 

In this report the author solves various problems in fault tree analysis and coherent structure theory. In Chapter 1, fault tree 
construction methodology and mathematical notations are presented. Chapter 2 deals with minimal cut sets. Two algorithms, 
complete with proofs, are presented. In Chapter 3, the concept of module and an algorithm to obtain the finest modular 
decomposition is presented. Its potential use in obtaining various systems characteristics efficiently is pointed out. The concept 
of module is similar to that of committee in Game Theory. In Chapter 4, various concepts of importance and methods for 
computing them are presented. 

DTIC 

Reliability; Safety Factors; Systems Analysis 


19750062855 

Reliability and fault tree analysis: Theoretical and applied aspects of system reliability and safety assessment; Proceedings 
of the Conference, University of California, Berkeley, Calif., September 3-7, 1974 

Barlow, R. E., editor, California, University, USA; Fussell, J. B., Aerojet Nuclear Co., USA; Singpurwalla, N. D., George 
Washington University, USA; Jan 1, 1975; 965p; In English; Reliability and fault tree analysis: Theoretical and applied aspects 
of system reliability and safety assessment: Conference, September 3-7, 1974, Berkeley, CA; Sponsored by AEC 
Contract(s)/Grant(s): N00014-69-A-0200-1070; N00014-67-A-0214; NR PROJECT 347-020; NAVY TASK 0001; Copyright; 
Avail: Issuing Activity 

Aspects of fault tree methodology are examined, taking into account a computer aided fault tree construction for electrical 
systems, a safety simulation language for chemical processes, and a method to reduce the cost of analysis. The computer analysis 
of fault trees and systems is discussed along with the mathematical theory of reliability, the theory of maintained systems, the 
statistical theory of reliability, questions of network reliability, and computer reliability. Subjects related to reliability and fault 
tree applications are also considered, giving attention to reliability quantification techniques used in the Rasmussen study, the 
application of the fault tree technique to a nuclear reactor containment system, and an approach to reliability assessment. 
AIAA 

Computerized Simulation; Conferences; Failure Analysis; Reliability Engineering; System Failures; Trees (Mathematics) 


19760006423 Stanford Univ., Dept. of Statistics., CA, USA 

The first passage time distribution for a parallel exponential system with repair 

Brown, M., Stanford Univ., USA; Aug 15, 1974; 21p; In English 

Contract(s)/Grant(s): N00014-67-A-0112-0085; NR PROJ. 042-267 

Report No.(s): AD-A013276; SU-TR-205; Avail: CASI; A03, Hardcopy; A01, Microfiche 

In system reliability studies, one obtains via a fault tree analysis, the various combinations of possible events which lead to 
system failure. These events can be characterized by a collection of minimal cut sets; a minimal cut set of components has the 
property that if all components in the set are simultaneously out of order the system fails, independently of the behavior of other 
components, and is minimal in that none of its proper subsets has this property. The author obtains the generating function, 
moments and asymptotic distribution for the first passage time distribution of a parallel system. These, used in conjunction with 
the Esary-Proschan inequality, should yield good approximations to system reliability. 

DTIC 

Exponential Functions; Reliability Engineering; Statistical Analysis 


19760009395 Kaman Sciences Corp., Colorado Springs, CO, USA 

GO evaluation of PWR spray system Final Report 

Long, W. T., Kaman Sciences Corp., USA; Aug 1, 1975; 92p; In English; Sponsored by Electric Power Research Inst. 

Report No.(s): PB-245114/4; EPRI-350-1; Avail: CASI; A05, Hardcopy; A01, Microfiche 

GO methodology is presented and its application demonstrated by performing a reliability analysis of a conceptual PWR 
containment spray system. Certain numerical results obtained are compared with those of a prior fault tree analysis of the same 
system. Basic data on the PWR containment spray system analyzed herein was provided in the form of schematics, functional 
descriptions, and subsystem failure data. Using this information, a GO model was created and exercised to ascertain the 
probabilities of occurrence (point estimates) of all events of interest including specifically the likelihoods of reducing pressure 
and removing radioactive iodine. These results do not vary significantly from those obtained in the prior study. Reasons for 
variations are noted. 

GRA 

Nuclear Power Reactors; Reliability Engineering; Sprayers 

19760017527 Aerojet Nuclear Co., Idaho Falls, ID, USA 
Review of fault tree analysis with emphasis on limitations 

Fussell, J. B., Aerojet Nuclear Co., USA; Jan 1, 1975; 18p; In English; Conf. on Intern. Federation of Autom. Control, Cambridge, 
MA, USA 

Report No.(s): CONF-750860-1; Avail: CASI; A03, Hardcopy; A01, Microfiche 

An overview, with references for additional detail, is given for the analyst who wishes to apply the fault tree method for system 
reliability and safety analysis to industrial situations. The applicability of fault tree analysis and the limitations of such analysis 
are discussed. The various quantitative measures of system safety and reliability are presented. 

CASI 

Reliability Engineering; Systems Analysis; Trees (Mathematics) 


19760045890 

Computer-aided reliability and safety analysis of complex systems 

Inoue, K., Kyoto University, Japan; Henley, E. J., Houston, University, USA; Jan 1, 1975; 10p; In English; 6th; International 
Federation of Automatic Control, Triennial World Congress, August 24-30, 1975, Boston, Cambridge, MA, US; Sponsored by 
International Federation of Automatic Control; See also A76-28778 13-63; Copyright; Avail: Issuing Activity 

This paper is a review of the state of the art in the area of computer-aided reliability and safety analysis. It covers both 
reliability graph analysis and fault tree analysis. By comparing the methods developed for reliability graph analysis with those 
of fault tree analysis, it is seen that the two fields have been developed rather independently and yet a unified view and a more 
integrated approach to the problem is shown to be possible. Several new algorithms developed by the authors are given which 
detect minimal path and cut sets from a reliability graph and a fault tree. 

AIAA 

Complex Systems; Computer Techniques; Reliability Analysis; System Failures; Systems Analysis 


19760045891 

An integrated approach to system failure effects 

Reid, R. A., Philips' Gloeilampenfabrieken, Netherlands; Jan 1, 1975; 7p; In English; 6th; International Federation of Automatic 
Control, Triennial World Congress, August 24-30, 1975, Boston, Cambridge, MA, US; Sponsored by International Federation of 
Automatic Control; See also A76-28778 13-63; Copyright; Avail: Issuing Activity 

The failure modes and fault tree analysis techniques as used on spacecraft have been applied to a transport system study. A 
general approach to systems reliability has evolved and been applied to other systems. Based on an analysis of systems functional 
modes, the system level effects of component deviation from nominal are derived. A grouped tree analysis of these events 
facilitates the allocation of probabilistic reliability requirements and provides good visibility when fail-safe or similar conditions 
apply. The approach is not limited to hardware. Computer programs and other software can also be analyzed and risks defined 
and minimized. 

AIAA 

Failure Modes; Reliability Engineering; System Failures; Systems Analysis; Transportation; Trees (Mathematics) 


19760045893 

A review of fault tree analysis with emphasis on limitations 

Fussell, J. B., Aerojet Nuclear Co., USA; Jan 1, 1975; 6p; In English; 6th; International Federation of Automatic Control, Triennial 
World Congress, August 24-30, 1975, Boston, Cambridge, MA, US; Sponsored by International Federation of Automatic Control; 
See also A76-28778 13-63; Copyright; Avail: Issuing Activity 

The fault tree method for system reliability and safety analysis is reviewed, with particular reference to industrial applications. 
A fault tree is a graphical representation of a Boolean failure logic associated with the development of a particular top event for 
a particular system. The top event of a fault tree occurs when the system passes from the unfailed to the failed state. Components 
reliability characteristics are completely described by their time-dependent failure rate and repair rate. The discussion covers such 
parameters as reliability and unreliability, availability and unavailability, expected number of failures, and failure rate and repair 
rate. Theoretical and implementational limitations of the fault tree methodology are discussed. In particular, degraded 
performances other than totally failed cannot be evaluated. Fault tree analysis is shown to be suitable for problems concerning 
tangible and intangible systems. 

AIAA 

Component Reliability; Failure Modes; Reliability Analysis; System Failures; Systems Analysis; Trees (Mathematics) 

19770003607 Georgia Inst. of Tech., School of Industrial and Systems Engineering., Atlanta, GA, USA 
An application of fault tree analysis to operational testing 
Rankin, G. L., Georgia Inst. of Tech., USA; Jun 1, 1975; 91p; In English 
Contract(s)/Grant(s): DAAG39-75-C-0095 

Report No.(s): AD-A024206; Avail: CASI; A05, Hardcopy; A01, Microfiche 

The problem of designing an operational test for complex military systems is approached using fault tree analysis. Operational 
testing, as opposed to developmental testing, must encompass all the various systems, doctrines, organizations, hardwares, and 
personnel that impact upon the system. Fault tree analysis is suggested as a method of modeling the entire system for various 
critical issues. 

DTIC 

Reliability Analysis; Tests; Trees (Mathematics) 

19770019584 IIT Research Inst., Chicago, IL, USA 

Update to reliability and maintainability planning guide for Army aviation systems and components Final Report, Jul. 
1975 - Aug. 1976 

Mihalkanin, P. A., IIT Research Inst., USA; Aug 1, 1976; 428p; In English 
Contract(s)/Grant(s): DAAJ01-75-C-1094 

Report No.(s): AD-A037446; IITRI-E6337-FR; USAAVSCOM-TR-77-15; Avail: CASI; A19, Hardcopy; A04, Microfiche 
This guidebook has been prepared to serve as a tool for the R and M Division of AVSCOM and for Program Managers to 
use in planning, managing and monitoring R and M programs for aviation systems. Included in the guidebook are basic concepts, 
program provisions, guidelines, recommendations and specific R and M plans and procedures. The various provisions presented 
in this guidebook were formulated to meet the specific mission needs of AVSCOM’s R and M Division, and are planned for use 
in support of the acquisition, operation and maintenance of Army aircraft systems and components. The major thrust of the 
guidebook is directed toward activities that take place during system development and production. Emphasis has been placed on 
mechanical reliability prediction, reliability growth testing, fault-tree analysis, and production reliability assurance techniques 
with specific examples applicable to helicopter systems. 

DTIC 

Armed Forces (USA); Avionics; Reliability 

19770020478 Lawrence Livermore National Lab., Livermore, CA, USA 

Fault trees for location of sensors in chemical processing systems 

Lambert, H., Lawrence Livermore National Lab., USA; Jul 30, 1976; 28p; In English; Am. Inst. of Chem. Engr. 69th Ann. 
Meeting, 28 Nov. - 2 Dec. 1974, Chicago 
Contract(s)/Grant(s): W-7405-ENG-48 

Report No.(s): UCRL-78442; CONF-761109-1; Avail: CASI; A03, Hardcopy; A01, Microfiche 

The concept of probabilistic importance within the context of fault tree analysis is presented. On the basis of probabilistic 
importance of events in fault trees, it is shown how to optimally locate sensors in a system. Two kinds of sensors are described: 
preventive sensors to detect early failures of critical redundant components and diagnostic sensors to detect potentially 
catastrophic system fault conditions. A SO2-O2 conversion process is chosen as an example to illustrate the methods that are 
presented. 

ERA 

Chemical Reactions; Circuits; Measuring Instruments 


19770036088 

On the quantitative analysis of priority-AND failure logic 

Fussell, J. B., Tennessee, University, USA; Aber, E. F.; Rahl, R. G., Idaho National Engineering Laboratory, USA; IEEE 
Transactions on Reliability; Dec 1, 1976; R-25, pp. Dec. 197; In English; p. 324-326; Copyright; Avail: Issuing Activity 

An exact and an approximate method for calculating the probability of occurrence of the output event from priority-AND 
(sequential) failure logic is given. The approximate method can be used during fault-tree analysis without modification to existing 
quantitative evaluation techniques. Assumptions made include s-independent, exponentially distributed, nonrepairable basic 
events as input to the priority-AND failure logic. 

AIAA 

Circuit Reliability; Failure Analysis; Gates (Circuits); Logical Elements; Reliability Analysis 

19780021543 National Technical Information Service, Springfield, VA, USA 

Reliability; Mathematical techniques, volume 1. A bibliography with abstracts Progress Report, 1970 - May 1977 

Reimherr, G. W., National Technical Information Service, USA; May 1, 1978; 300p; In English 
Report No.(s): NTIS/PS-78/0438/8; Avail: CASI; A13, Hardcopy; A03, Microfiche 

Topics covered include statistical analysis, fault tree analysis, life testing, failure analysis, and mathematical models as 
applied to reliability prediction. 

GRA 

Reliability Analysis 


19780049523 

Computer methods for qualitative fault tree analysis 

Gangadharan, A. C.; Rao, M. S. M.; Sundararajan, C., Foster Wheeler Development Corp., USA; Jan 1, 1977; 12p; In English; 
Design Engineering Technical Conference, September 26-28, 1977, Chicago, IL; See also A78-33426 13-39; Copyright; Avail: 
Issuing Activity 

The paper describes the different computer methods used for the reduction of fault trees to minimal cut sets and path sets. 
The concepts behind the Monte Carlo simulation technique, the combination testing method, the algorithm using Boolean 
Indicated Cut Sets (BICS) and the use of primary numbers are illustrated with a simple example. Computer programs developed 
on the basis of these concepts are identified. A new concept of binary bit string (BBS) representation of events and the use of binary 
logic operators within the computer for reduction of fault tree are introduced. A computer program, FALTREE, written by the 
second author using this new concept is briefly described. It is shown that BBS representation and the binary reduction can result 
in substantial savings in computer time. 

AIAA 

Computer Programs; Failure Analysis; Reliability Analysis; Trees (Mathematics) 

19790017233 California Univ., Operations Research Center., Berkeley, CA, USA 
Computer-aided fault tree analysis Topical Research Report 
Willie, R. R., California Univ., USA; Aug 1, 1978; 104p; In English 
Contract(s)/Grant(s): N00014-75-C-0781; AF-AFOSR-3179-77

Report No.(s): AD-A066567; ORC-78-14; Avail: CASI; A06, Hardcopy; A02, Microfiche 

Part I of this report discusses a computer-oriented methodology for deriving minimal cut and path set families associated with 
arbitrary fault trees. Part II describes the use of the Fault Tree Analysis Program (FTAP), an extensive FORTRAN computer
package that implements the Part I methodology. An input fault tree to FTAP may specify the system state as any logical function
of subsystem or component state variables or complements of these variables. When fault tree logical relations involve
complements of state variables, the analyst may instruct FTAP to produce a family of prime implicants, a generalization of the
minimal cut set concept. FTAP can also identify certain subsystems associated with the tree as system modules and provide a 
collection of minimal cut set families that essentially expresses the state of the system as a function of these modules state 
variables. Another FTAP feature allows a subfamily to be obtained when the family of minimal cut sets of prime implicants is 
too large to be found in its entirety; this subfamily consists only of sets that are interesting to the analyst in a special sense. 
CASI 

Boolean Algebra; Computer Programs; Operations Research; Trees (Mathematics) 

19790020431 National Technical Information Service, Springfield, VA, USA 

Reliability - mathematical techniques, volume 2. A bibliography with abstracts Progress Report, Jun. 1977 - Apr. 1979

Reimherr, G. W., National Technical Information Service, USA; May 1, 1979; 87p; In English

Report No.(s): NTIS/PS-79/0451/9; NTIS/PS-78/0439; NTIS/PS-77/0445; NTIS/PS-76/0221; Avail: CASI; A05, Hardcopy;
A01, Microfiche

The cited reports discuss reliability prediction using mathematical techniques. Topics covered include statistical analysis, 
fault tree analysis, life testing, failure analysis, and mathematical models as applied to reliability prediction. 

GRA 

Reliability; Statistical Analysis 

19790031338 

Annual Reliability and Maintainability Symposium, Los Angeles, Calif., January 17-19, 1978, Proceedings

Jan 1, 1978; 557p; In English; Annual Reliability and Maintainability Symposium, January 17-19, 1978, Los Angeles, CA;
Sponsored by IEEE; Copyright; Avail: Issuing Activity

Models of reliability and maintainability of systems are studied, and reliability concepts, attitudes, and policies are described. 
Topics discussed include logistics supportability testing, Air Force experience with reliability improvement warranties (RIW), 
time series analysis of failure data, contractor risk associated with RIWs, mechanical reliability for low cycle fatigue, effects of 
on-off cycling on equipment reliability, a life-cycle management cost model, fault-tree analysis with probability evaluation, 
computer-graphic design for human performance, and early identification of high-maintenance helicopters. 

AIAA 

Conferences; Maintainability; Reliability Engineering 


19790032572 

Application of the fault tree in fault testing and design improvement Ueber die Anwendung des Fehlerbaumes bei der
Fehlersuche und Konstruktionsverbesserung

Broschk, K.; Keller, H.; Jan 1, 1978; 6p; In German; Copyright; Avail: Issuing Activity 

The method of fault tree analysis is illustrated on some simple systems such as a switchable electric circuit and an aircraft 
spoiler system. The technique of fault finding by means of the fault tree is described. An example of how fault tree analysis helps 
improve a design by revealing critical events with high probability that can be replaced by ones with lower probability is discussed. 
AIAA 

Aircraft Reliability; Design Analysis; Failure Analysis; Reliability Engineering; Systems Analysis; Trees (Mathematics)

19800020238 National Technical Information Service, Springfield, VA, USA

Reliability: Mathematical techniques. Citations from the NTIS data base Progress Report, Jun. 1977 - Apr. 1980

Reimherr, G. W., National Technical Information Service, USA; Apr 1, 1980; 106p; In English

Report No.(s): PB80-809486; NTIS/PS-79/0451; NTIS/PS-78/0439; Avail: CASI; A06, Hardcopy; A02, Microfiche 

The cited reports discuss reliability prediction using mathematical techniques. Topics covered include statistical analysis, 
fault tree analysis, life testing, failure analysis, and mathematical models as applied to reliability prediction. This updated 
bibliography contains 99 abstracts, 20 of which are new entries to the previous edition. 

NTIS 

Confidence Limits; Failure Analysis; Reliability 


19800037897 

An efficient, bottom-up algorithm for enumerating minimal cut sets of fault trees 

Nakashima, K., Himeji Institute of Technology, Japan; Hattori, Y., Kyoto University, Japan; IEEE Transactions on Reliability; 
Dec 1, 1979; R-28, pp. Dec. 197; In English; p. 353-357; Copyright; Avail: Issuing Activity

The paper improves the conventional bottom-up algorithm for enumerating minimal cut sets of fault tree. It is proved that,
when the logical product of two reduced sum-of-product forms is expanded by the distribution rule, one need only check if each 
resulting term is absorbed by some terms of two original sum-of-product forms. The algorithm for executing this process is 
presented and illustrated by an example. The entire computer program is given in a supplement and the computational results for 
several examples are presented to demonstrate the efficiency of the algorithm. 

AIAA 

Algorithms; Computer Programs; Fault Trees; Reliability Analysis; Run Time (Computers) 


19800054967 

Dagger-sampling Monte Carlo for system unavailability evaluation 

Kumamoto, H.; Tanaka, K.; Inoue, K., Kyoto University, Japan; Henley, E. J., Houston, University, USA; IEEE Transactions on
Reliability; Jun 1, 1980; R-29, pp. June 198; In English; p. 122-125; Copyright; Avail: Issuing Activity

Reliability problems usually result in rare-event simulations, and hence direct Monte Carlo methods are extremely wasteful
of computer time. This paper presents a new application of 'dagger-sampling', for calculating the system unavailability of a large 
complicated system represented by a coherent fault tree. Since a small number of uniform random numbers generate a number 
of trials, dagger-sampling appreciably reduces computation time, and hence a large number of trials become possible for the 
rare-event problems. Further, dagger-sampling decreases the variance of the Monte Carlo estimator because it generates 
negatively correlated samples. 

AIAA 

Availability; Fault Trees; Monte Carlo Method; Random Sampling; Reliability Analysis; Run Time (Computers) 

19800056179 

A Boolean approach to common cause analysis

Worrell, R. B.; Stack, D. W., Sandia Laboratories, USA; Jan 1, 1980; 4p; In English; Annual Reliability and Maintainability
Symposium, January 22-24, 1980, San Francisco, CA; See also A80-40301 16-38; Copyright; Avail: Issuing Activity 

It is shown that a transformation of variables can be used to achieve qualitative common cause analysis. Transformation 
equations that relate cause events to the primary events of a fault tree are described, and the substitutions that change the minimal 
cut set equation for the top event of the fault tree from a function of primary events to a function of cause events are explained. 
Examples are presented which show that different kinds of common cause analysis are accomplished by simple modifications of 
the transformation equations. 

AIAA 

Boolean Functions; Failure Analysis; Fault Trees; Reliability Analysis; Transformations (Mathematics) 

19800064632 

Repairable multiphase systems - Markov and fault-tree approaches for reliability evaluation 

Clarotti, C. A., Comitato Nazionale per l’Energia Nucleare, Italy; Contini, S., Sigen S.p.A., Italy; Somma, R., Selenia S.p.A., Italy; 
Jan 1, 1980; 14p; In English; Synthesis and analysis methods for safety and reliability studies, July 3-14, 1978, Urbino, Italy; 
Sponsored by In: Synthesis and analysis methods for safety and reliability studies; Proceedings of the Advanced Study Institute; 
See also A80-48801 21-38; Copyright; Avail: Issuing Activity 

In order to evaluate the fault-tree technique and the Markov approach to phased mission systems, both approaches are applied
to a specified mission. It is shown that while the fault-tree technique leads to an approximate solution to phased mission problems, 
the Markov approach gives an exact analytical solution. The limitations and advantages of each of these approaches are discussed. 
AIAA 

Fail-Safe Systems; Fault Trees; Markov Processes; Reliability Analysis; Space Missions; Spacecraft Reliability 

19810002898 Science Applications, Inc., Advanced Power Systems Div., Palo Alto, CA, USA

Extension and validation of fault-tree analysis for reliability prediction

Land, R., Science Applications, Inc., USA; Rayes, L., Science Applications, Inc., USA; Burns, E. T., Science Applications, Inc.,
USA; Sep 1, 1980; 121p; In English 

Report No.(s): EPRI-AP-1510; Avail: CASI; A06, Hardcopy; A02, Microfiche 

The reliability projection for a type of fossil fueled power plant which makes use of a combustion turbine and heat recovery 
steam generator in parallel operation with a package boiler is presented. The fault tree methodology was used to estimate both 
the mean plant reliability plus a confidence interval for the calculated reliability prediction. The input component failure rates, 
including the error bounds were updated from an integrated data base obtained from the best available data. The estimated
reliability results using a model representative of the initial two years of plant operation were compared with the reliability from
plant operating experience data for a similar period, and these are presented. The estimated reliability for continuous plant 
operation for 500 hours is in good agreement with the plant operating experience. It is concluded that the fault tree methodology 
can be applied directly to both the qualitative and quantitative prediction of power plant reliability. 

DOE 

Electric Power Plants; Fault Trees; Prediction Analysis Techniques; Reliability Analysis 


19810008957 Massachusetts Inst. of Tech., Energy Lab., Cambridge, MA, USA

Qualitative and quantitative reliability analysis of safety systems

Karimi, R., Massachusetts Inst. of Tech., USA; Rasmussin, N., Massachusetts Inst. of Tech., USA; Wolf, L., Massachusetts Inst.
of Tech., USA; May 1, 1980; 288p; In English; Sponsored in part by Boston Edison Co., Mass.

Report No.(s): PB81-118325; MIT-EL-80-015; Avail: CASI; A13, Hardcopy; A03, Microfiche

A code was developed for the comprehensive analysis of a fault tree. The code designated UNRAC (UNReliability Analysis 
Code) calculates the following characteristics of an input fault tree: (1) minimal cut sets; (2) top event unavailability as point 
estimate and/or in time dependent form; (3) quantitative importance of each component involved; and (4) error bound on the top 
event unavailability. Overall it is demonstrated that UNRAC is an efficient, easy to use code and has the advantage of being able 
to do a complete fault tree analysis with this single code. Applications of fault tree analysis to safety studies of nuclear reactors 
are considered. 

NTIS 

Component Reliability; Computer Programs; Fault Tolerance; Fault Trees; Reliability Analysis 


19810011920 Edgerton, Germeshausen and Grier, Inc., Idaho Falls, ID, USA 
Integrating reliability analysis and design 

Rasmuson, D. M., Edgerton, Germeshausen and Grier, Inc., USA; Oct 1, 1980; 68p; In English 
Contract(s)/Grant(s): DE-AC07-76ID-01570 

Report No.(s): ALO-131; EGG-IS-5187; Avail: CASI; A04, Hardcopy; A01, Microfiche 

The Interactive Reliability Analysis Project is described and the advantages of using computer-aided design systems (CADS) 
in reliability analysis are enumerated. Common cause failure problems require presentations of systems, analysis of fault trees, 
and evaluation of solutions to these. Results have to be communicated between the reliability analyst and the system designer. 
Using a computer-aided design system saves time and money in the analysis of design. Computer-aided design systems lend 
themselves to cable routing, valve and switch lists, pipe routing, and other component studies. 

DOE 

Computer Aided Design; Fault Trees; Reliability Analysis; Reliability Engineering; System Failures 


19810014944 Battelle Columbus Labs., OH, USA 

Comparative analysis of techniques for evaluating the effectiveness of aircraft computing systems

Hitt, E. F., Battelle Columbus Labs., USA; Bridgman, M. S., Battelle Columbus Labs., USA; Robinson, A. C., Battelle Columbus
Labs., USA; Apr 1, 1981; 156p; In English
Contract(s)/Grant(s): NAS1-15760

Report No.(s): NASA-CR-159358; Avail: CASI; A08, Hardcopy; A02, Microfiche

Performability analysis is a technique developed for evaluating the effectiveness of fault-tolerant computing systems in 
multiphase missions. Performability was evaluated for its accuracy, practical usefulness, and relative cost. The evaluation was 
performed by applying performability and the fault tree method to a set of sample problems ranging from simple to moderately 
complex. The problems involved as many as five outcomes, two to five mission phases, permanent faults, and some functional 
dependencies. Transient faults and software errors were not considered. A different analyst was responsible for each technique. 
Significantly more time and effort were required to learn performability analysis than the fault tree method. Performability is 
inherently as accurate as fault tree analysis. For the sample problems, fault trees were more practical and less time consuming to 
apply, while performability required less ingenuity and was more checkable. Performability offers some advantages for evaluating 
very complex problems.

19820007581 Los Alamos Scientific Lab., NM, USA

Failure mode analysis using state variables derived from fault trees with application

Bartholomew, R. J., Los Alamos Scientific Lab., USA; Jan 1, 1981; 11p; In English; ANS/ENS Topical Meeting on Probabilistic
Risk Assessment, 20-24 Sep. 1981, Port Chester, NY, USA
Contract(s)/Grant(s): W-7405-ENG-36

Report No.(s): DE81-030239; LA-UR-81-2595; CONF-810905-3; Avail: CASI; A03, Hardcopy; A01, Microfiche

Fault Tree Analysis (FTA) is used extensively to assess both the qualitative and quantitative reliability of engineered nuclear 
power systems employing many subsystems and components. FTA is very useful, but the method is limited by its inability to 
account for failure mode rate of change interdependencies (coupling) of statistically independent failure modes. The state variable 
approach (using FTA derived failure modes as states) overcomes these difficulties and is applied to the determination of the 
lifetime distribution function for a heat pipe thermoelectric nuclear power subsystem. Analyses are made using both Monte Carlo 
and deterministic methods and compared with a Markov model of the same subsystem.

19820016495 Beijing Inst. of Control Engineering, China

A new approach for fault-tree analysis

Jion-Sheng, L., Beijing Inst. of Control Engineering, China; ESA 2nd ESA Prod. Assurance Symp.; Jan 1, 1982, pp. p 57-62;
In English; See also N82-24362 15-31; Avail: CASI; A02, Hardcopy; A01, Microfiche

The disjoint manipulation rules (DMR) of Boolean algebra used to write the disjoint failure function directly from a fault tree 
(FT) are discussed. Programs which enumerate minimal cut sets, prime implicit sets, and transform the system failure function 
to disjoint form are simplified to a unique program. The coherent and noncoherent systems can be handled consistently. The FT 
decomposition and reduction techniques are combined. Each module is replaced by a pseudo basic event from the FT, and 
replicated modules are discarded. The effective size of the FT is the number of events remaining after the modules are replaced, 
and the amount of computation decreases exponentially.

19820031852

Fault diagnosis by mathematical programming 

Watanabe, T.; Yasunobu, C.; Okuma, M., Hitachi, Ltd., Japan; IEEE Transactions on Reliability; Oct 1, 1981; R-30, pp. Oct. 198; 
In English; p. 345-352; Copyright; Avail: Issuing Activity

This paper presents the problem of fault diagnosis for logically represented continuous systems that can be formulated 
through nonlinear mathematical programming. This problem is transformed to an integer-programming problem and solved. 
Possible modifications and extensions of the problem are given. Although failure tables must be prepared in ordinary fault 
diagnosis, they are not necessary with this mathematical programming approach. By modifying constraints in the mathematical
programming problem, difficulties such as multiple faults, correlated faults, modifications of test conditions and cycles in the
system, which are encountered in the ordinary failure table approach, are made tractable.

Analysis of reliability block diagrams by Boolean techniques

Bennetts, R. G., Cirrus Computers, Ltd., UK; IEEE Transactions on Reliability; Jun 1, 1982; R-31, pp. June 198; In English; p. 
159-166; Copyright; Avail: Issuing Activity 

A general purpose method for producing reliability expressions from reliability block diagrams based on an analysis of a 
pathset expression derived from the reliability block diagram is described. The resulting expression is tested for disjointness and
procedures are defined for making the terms disjoint if the test is failed. Unassigned variables are reintroduced into the terms in
a manner which is consistent with an overall Boolean function and still guarantees disjointness. Relationships between Boolean
and probabilistic algebras are explored and notation is defined, and the solution is found in terms of the test and modify algorithm
without using a truth table. The method is concluded to be applicable to fault-tree analysis and general problems of reliability
assessment, using only a hand calculator. 

AIAA 

Block Diagrams; Boolean Algebra; Fault Trees; Probability Theory; Reliability Analysis

19830011947 Katholieke Univ. te Leuven, Belgium

Interactive reliability analysis by using SALP and Computer-Aided Fault-Tree Synthesis (CAFTS) 

Poucet, A., Katholieke Univ. te Leuven, USA; Demeester, P., Katholieke Univ. te Leuven, USA; Amendola, A., Joint Research
Centre of the EEC; Caretta, A., Joint Research Centre of the EEC; ESA Reliability and Maintainability; Sep 1, 1982, pp. p 
285-289; In English; See also N83-20178 10-38; Avail: CASI; A01, Hardcopy; A06, Microfiche 

The SALP-CAFTS software package permits to interactively construct, modify and analyze fault trees and can be used 
together with libraries containing component reliability models and reliability data. Extensive use of interactive graphics and 
modern techniques such as selection menus and full screen data entry panels results in an excellent interface between the analyst
and the computer. By this interactive approach, the analyst is relieved from routine work, so that his/her attention is better focused
on critical points of the analysis. Moreover, one has the possibility to perform sensitivity studies and system design optimization
in a very fast and effective way.

19830020199 British Aerospace Dynamics Group, Reliability Technology Dept., Stevenage, UK
Computer programs for design safety, reliability maintainability analysis 

Oconnor, P. D. T., British Aerospace Dynamics Group, UK; Defence Quality Assurance Board Sem. on Quality Assurance in 
Design and Develop.; Jan 1, 1982, pp. p 15-28; In English; See also N83-28468 17-38; Avail: CASI; A03, Hardcopy; A01,
Microfiche 

Reliability prediction using parts count techniques, and nonconstant failure rates (Weibull life plot shape parameter. Beta + 
1) are considered. For electronic systems, MIL-HBK-217C (Notice 1 May 1980) is used to provide the failure rate models and 
data base, since it includes stress analysis failure rate models. Failure mode, effect and criticality analysis program in conjunction 
with MIL-HBK-1629 is discussed. Fault tree analysis and block diagram analysis are treated. Maintainability prediction, based 
on MIL-HBK-472, is reviewed.

Computer Aided Design; Computer Systems Programs; Maintainability; Prediction Analysis Techniques; Reliability Analysis;
Systems Analysis

Reliability assessment and techniques

Sampath, R., Defence Research and Development Laboratory, India; Aeronautical Society of India; May 1, 1981, pp. vol. 33; In
English; Feb.-May 1981, p. 27-33; Avail: Issuing Activity

Reliability prediction is an important step at the design stage of certain vital equipment whose development is expensive and 
time consuming. It pays itself by cutting off the time cycle and also building up reliability in the design. A number of techniques 
are available for reliability prediction; those using Parts Count Method, Parts Stress Analysis and Fault Tree Analysis are
discussed in this paper. The methodology, the strengths and weaknesses of each method are pointed out. Action required to make 
these methods realistic and of practical significance to industries is also indicated. 

AIAA 

Component Reliability; Electronic Equipment; Mathematical Models; Prediction Analysis Techniques; Reliability Engineering; 
Structural Reliability

ESCAF - A new and cheap system for complex reliability analysis and computation

Laviron, A.; Manaranche, J. C., Commissariat a l’Energie Atomique, Centre d’Etudes de Valduc, Is-sur-Tille, France; Camino,
A., Commissariat a l'Energie Atomique, France; IEEE Transactions on Reliability; Oct 1, 1982; R-31, pp. Oct. 198; In English;
p. 339-349; Copyright; Avail: Issuing Activity

A new apparatus, the electronic simulator to compare and analyze failures (ESCAF), is introduced as a means to analyze the 
reliability of systems with up to 416 components. ESCAF operates by simulating a system using the electronic gates of ICs 
mounted on specially configured cards. The component state is input and the failed or nonfailed state of the system is output after
a fault-tree analysis. A fault combination generator simulated the failure of all system components or the occurrence of all basic
events, employing increasing orders of simulation until the most complex order of events is accounted for. Input of the individual 
event probabilities, component failure probabilities, or component unavailabilities yields computation of the overall system 
failure probability or unavailability. A serial transmission link is provided for interconnect with a mini- or microcomputer. Use 
of the device for spacecraft or nuclear power plant safety analyses is indicated.

Electronic Equipment; Failure Analysis; Fault Trees; Reliability Analysis; Reliability Engineering; Systems Simulation


19830066397 

Interval reliability for initiating and enabling events 

Dunglinson, C., E.I. Du Pont de Nemours and Co., USA; Lambert, H.; IEEE Transactions on Reliability; Jun 1, 1983; ISSN 
0018-9529; R-32, pp. June 198; In English; p. 150-163; Copyright; Avail: Issuing Activity

This paper describes generation and evaluation of logic models such as fault trees for interval reliability. Interval reliability 
assesses the ability of a system to operate over a specific time interval without failure. The analysis requires that the sequence of 
events leading to system failure be identified. Two types of events are described: (1) initiating events (cause disturbances of 
perturbations in system variables) that cause system failure and (2) enabling events (permit initiating events to cause system 
failure). Control-system failures are treated. The engineering and mathematical concepts are described in terms of a simplified 
example of a pressure-tank system. Later these same concepts are used in an actual industrial application in which an existing 
chlorine vaporizer system was modified to improve safety without compromising system availability. Computer codes that are 
capable of performing the calculations, and pitfalls in computing accident frequency in fault tree analysis, are discussed.

Computer Aided Design; Fault Trees; Pressure Vessel Design; Reliability Analysis; System Failures; Systems Analysis


19830069141 British Library Lending Div., Boston Spa, UK 
Consequence/cause diagrams 

Farris, L.; Mazzocchi, A.; Sep 9, 1982; 15p; Transl. into ENGLISH from Chim. Ind. (Milan), v. 61, no. 3, Mar. 1979; In English 
Report No.(s): BLL-RISLEY-TR-4172-(9091.9F); Copyright; Avail: British Library Lending Div., Boston Spa, Engl., Unavail.
Microfiche 

No abstract. 

Causes; Failure Analysis; Fault Trees; Reliability Analysis 


19830071982 Australian Atomic Energy Commission, Lucas Heights, Australia 

Fault tree analysis: Method and symbols 

Nov 1, 1980; 24p; Transl. into ENGLISH from German Standard DIN-25424, Jun. 1977; In German 
Report No.(s): DE81-700889; AAEC-LIB/TRANS-733; Avail: CASI; A03, Hardcopy; Avail: CASI HC A03/; A01, Microfiche;
US Sales Only 
No abstract. 

Computer Programs; Data Processing; Failure Analysis; Fault Trees; Mathematical Models; Reliability Engineering 


19830075603 Science Applications, Inc., Palo Alto, CA, USA 

Verification of fault tree analysis. Volume 2: Technical descriptions

Rothbart, G., Science Applications, Inc., USA; Fullwood, R., Science Applications, Inc., USA; Basin, S., Science Applications,
Inc., USA; Newt, J., Science Applications, Inc., USA; Escalera, J., Science Applications, Inc., USA; May 1, 1981; 167p; In 
English; Sponsored by EPRI 
Contract(s)/Grant(s): EPRI PROJ. 1223 

Report No.(s): DE81-903495; EPRI-NP-1570-VOL-2; Avail: CASI; A08, Hardcopy, Microfiche 
No abstract. 

Circuit Boards; Fault Trees; Printed Circuits; Reliability Analysis

19830077066 Science Applications, Inc., Palo Alto, CA, USA

Verification of fault tree analysis. Volume 1: Experiments and results

Rothbart, G., Science Applications, Inc., USA; Fullwood, R., Science Applications, Inc., USA; Basin, S., Science Applications,
Inc., USA; Newt, J., Science Applications, Inc., USA; Escalera, J., Science Applications, Inc., USA; May 1, 1981; 147p; In 
English 

Contract(s)/Grant(s): EPRI PROJ. 1233 

Report No.(s): DE81-903324; EPRI-NP-1570-VOL-1; Avail: CASI; A07, Hardcopy, Microfiche
No abstract.

Complex Systems; Component Reliability; Maintenance; Reactor Safety; Systems Simulation 


19840013823 Los Alamos Scientific Lab., NM, USA 

State variable method of fault tree analysis 

Bartholomew, R. I., Los Alamos Scientific Lab., USA; Knudsen, H. K., New Mexico Univ., USA; Whan, G. A., New Mexico 
Univ.; Jan 1, 1984; 28p; In English; Symp. on Space Nucl. Power Systems, 10-12 Jan. 1984, Albuquerque, NM, USA 
Contract(s)/Grant(s): W-7405-ENG-36 

Report No.(s): DE84-006007; LA-UR-84-53; CONF-840113-5; Avail: CASI; A03, Hardcopy; A01, Microfiche

The current technique of Fault Tree Analysis (FTA) generally employs computer codes that calculate the minimal cut sets
of the Boolean function, where each cut set comprises basic initiator events (roots) whose intersection implies the occurrence of
a TOP (system failure) event. Because the number of calculations is very large for typical fault trees, the importance of any given
cut set is assessed by qualitative algorithms that include the number of basic events in the cut set, and quantitative importance
algorithms that involve probabilistic upper and lower bound estimates, and the sets are culled before quantitative probability
calculations are made. The question addressed in this paper is: can a tractable mathematical model be found that performs
quantitative calculations without the need of upper or lower bound simplifications and include within its structure the capability
of handling common cause/common mode statistical dependence, failure mode coupling interdependence, and sequential failure
time dependence.

Fault tree analysis, taking into account causes of common mode failures

Stecher, K., Siemens AG, Germany; Siemens Forschungs- und Entwicklungsberichte; Jan 1, 1984; ISSN 0370-9736; 13, 4, 19;
8p; In English; Copyright; Avail: Issuing Activity

In evaluating fault trees using Boolean algebra and system function, subsystems can only be separated out if there are no 
failures of multiple-system components attributable to a common cause; i.e., so-called common-mode failures. For systems with 
distributed common modes, the effort required for this evaluation increases exponentially with the number of design components. 
This problem has been solved by means of a method in which the reliability data for the simple components are inserted on the 
lowest possible level of evaluation, whereas the data for the common modes are substituted at the top of the fault tree. The method 
described provides the basis for a computer program.

19840068960 Kernforschungszentrum G.m.b.H., Projekt Nukleare Sicherheit., Karlsruhe, Germany

Failure diagnosis and fault tree analysis

Weber, G., Kernforschungszentrum G.m.b.H., Germany; Jul 1, 1982; 114p; In English

Report No.(s): DE82-750171; KFK-3384; Avail: CASI; A06, Hardcopy; Avail: CASI HC A06/; A02, Microfiche; US Sales Only
No abstract. 

Boolean Algebra; Boolean Functions; Failure Analysis; Fault Trees; Reactor Safety

From fault-tree to fault-identification

Kiss, L., Magyar Tudomanyos Akademia, Hungary; IEEE Transactions on Reliability; Dec 1, 1983; ISSN 0018-9529; R-32, pp.
422-425; In English; Copyright; Avail: Issuing Activity

A practical way is given of identifying actual faults, by using a fault tree's complete system of minimal cutsets. For instance,
for a fault tree where 20 cutsets are considered with 30 possible primal events, any of them can be found in at most three steps 
by the proposed FID-algorithm. 

AIAA 

Boolean Algebra; Fault Trees; Parameter Identification; Reliability Analysis 


19850056115 

Classification of Characteristics - Rich source of test requirements 

Pope, M.; Dimbach, P. H., Rockwell International Corp., USA; Jan 1, 1984; 6p; In English; 8th; Aerospace Testing Seminar, 
March 21-23, 1984, Los Angeles, CA; Sponsored by Institute of Environmental Sciences and Aerospace Corp.; See also 
A85-38251 17-14; Avail: Issuing Activity 

Test requirements are found in connection with three different situations. Thus, a contract may contain test requirements, or 
interpretations of test requirements. Another situation requiring the conduction of tests is related to design or development 
processes, while a third situation is produced by the need to conduct failure assessment studies. An analytical technique called 
'Classification of Characteristics' provides the means for a detailed and highly graphic assessment of possible failure modes. This 
technique applies to design characteristics which affect personnel safety or mission reliability. The basic steps for implementing 
Classification of Characteristics include an identification of the component or system failure modes and their causes by a fault 
tree analysis, and a classification of the failure modes as critical or major. Attention is also given to the identification of all design 
characteristics related to possible failure modes, the coordination of the required action with certain organizations, and aspects 
of documentation. 

19850064527 

Fault tree analysis, methods, and applications - A review 

Lee, W. S.; Grosh, D. L.; Tillman, F. A., Kansas State University, USA; Lie, C. H., Seoul National University, USA; IEEE 
Transactions on Reliability; Aug 1, 1985; ISSN 0018-9529; R-34, pp. 194-203; In English; Research supported by the Korea 
Science and Engineering Foundation 

Contract(s)/Grant(s): N00014-76-C-0842; NSF INT-82-15755; Copyright; Avail: Issuing Activity 

This paper reviews and classifies fault-tree analysis methods developed since 1960 for system safety and reliability. Fault-tree 
analysis is a useful analytic tool for the reliability and safety of complex systems. The literature on fault-tree analysis is, for the 
most part, scattered through conference proceedings and company reports. The literature has been classified according to system 
definition, fault-tree construction, qualitative evaluation, quantitative evaluation, and available computer codes for fault-tree 
analysis. 

19850064529 

A reliability-program case-history on design review 

Kitagawa, K., Tokyo Science University, Japan; IEEE Transactions on Reliability; Aug 1, 1985; ISSN 0018-9529; R-34, pp. 
212-215; In English; Copyright; Avail: Issuing Activity 

This paper summarizes the investigative results of actual design reviews as an important part of reliability program, and 
describes several reliability engineering efforts to achieve an effective design review. Design data packages (design 
documentation) which indicate the basic design program and design process are important in design reviews. When attention is 
concentrated on a data package, the ability of the reviewers is heightened and the results of the review are enhanced. When the 
design review is concerned with product reliability, then the availability and quality of: (1) a data package with established 
reliability level objectives and predictions, (2) a Failure Mode Effect Analysis and a Fault Tree Analysis, and (3) other data 
packages on product reliability and related technology or engineering, all greatly influence the results of the review. The potential 
weak points in a design can be revealed by over-stress tests and the results of such tests are very useful in the reliability design 
review. The improved design which can withstand the adequate overstress tests appreciably lessened customer complaints about 
reliability. 

Mechanical R&M modeling and simulation methods 

Bazovsky, I., Sr., IBA, Inc., USA; Benz, G. E.; Jan 1, 1984; 6p; In English; Annual Reliability and Maintainability Symposium, 
January 24-26, 1984, San Francisco, CA; Sponsored by IEEE, AIAA, ASME; See also A85-49526 24-38; Copyright; Avail: 
Issuing Activity 

Theory is developed for the reliability of mechanical components as a function of their age and for the reliability of 
mechanical systems. It is shown that renewal theory can be used in practical applications to avoid the burden of keeping age 
records on every part. Two classes of maintenance policies are investigated; one replaces only failed components, the other 
replaces components preventively and at failure. It is shown that a logic tree approach to simulation provides for a mix of 
techniques which can treat such problems as reduction in maintenance float for expensive weapons, and reduction in parts disposal 
for machines processing hazardous materials. 

Component Reliability; Fault Trees; Maintenance; Mechanical Engineering; Reliability Analysis; Systems Simulation 

19850070711 Nuclear Regulatory Commission, Div. of Systems and Reliability Research., Washington, DC, USA 

Fault tree handbook 

Haasl, D. F., Nuclear Regulatory Commission, USA; Roberts, N. H., Nuclear Regulatory Commission, USA; Vesely, W. E., 
Nuclear Regulatory Commission, USA; Goldberg, F. F., Nuclear Regulatory Commission, USA; Jan 1, 1981; 215p; In English 
Report No.(s): NUREG-0492; Avail: CASI; A10, Hardcopy, Unavail. Microfiche 
No abstract. 

Fault Trees; Nuclear Power Plants; Reliability Analysis; Systems Analysis 

19860036268 
Digraph matrix analysis 

Sacks, I. J., Analytic Information Processing, Inc., USA; IEEE Transactions on Reliability; Dec 1, 1985; ISSN 0018-9529; R-34, 
pp. 437-446; In English; Research supported by the U.S. Nuclear Regulatory Commission and Analytic Information Processing, 
Inc.; Copyright; Avail: Issuing Activity 

This paper describes a systematic procedure for constructing a Boolean reliability model from plant schematics, and a 
technique for determining all sets of single and double component failures which will cause system failure. This technique, called 
digraph matrix analysis, uses a fault graph instead of the more traditional fault tree. Digraph matrix analysis was recently applied 
to the system interaction analysis of a very large safety system (over ten thousand components) and is being used to determine 
security system vulnerabilities. 

AIAA 

Boolean Algebra; Fault Trees; Graph Theory; Matrices (Mathematics); Reliability Analysis; System Failures 

19860036270 

Fault-tree analysis using a binary decision tree 

Schneeweiss, W. G., Fernuniversitaet, Germany; IEEE Transactions on Reliability; Dec 1, 1985; ISSN 0018-9529; R-34, pp. 
453-457; In English; Copyright; Avail: Issuing Activity 

A new algorithm for the production of a short disjoint-products form of a fault-tree output function is presented and discussed. 
This algorithm consists of a sequential binary decision process to find first big, then smaller sets of elementary system-failure 
states which correspond to disjoint-product terms. The identification of bad and good system states can be eased by a simple 
ternary (3-state) decision for which an auxiliary procedure is presented. The main advantages of this algorithm appear to be its 
efficiency, simplicity, and usefulness as an alternative (in the sense of multiversion programming for software fault tolerance) for 
the Shannon decomposition algorithm. 

AIAA 

Boolean Functions; Decision Theory; Fault Trees; Reliability Analysis; System Failures; System Identification 

Uncertainty analysis of fault-tree outputs 

Rushdi, A. M., King Abdulaziz University, Saudi Arabia; IEEE Transactions on Reliability; Dec 1, 1985; ISSN 0018-9529; R-34, 
pp. 458-462; In English; Copyright; Avail: Issuing Activity 

The multiaffine nature of the top-event probability as a function of component unavailability is recognized. This leads, under 
the assumption of statistically independent failures, to the derivation of an exact formula relating the variance of the system 
unavailability to the variances of the component unavailability. Concise expressions for other central moments of the system 
unavailability are obtained. The variance formula partitions contributions due to the input variables and their interactions, and 
can be used to rank these variables by an importance that is related to well known measures of statistical importance. The variance 
formula is extended to handle linearly correlated input variables through the inclusion of certain joint central moment terms. 

AIAA 

Availability; Fault Trees; Partitions (Mathematics); Probability Theory; Reliability Analysis; Variance (Statistics) 


19860045366 

Failure analysis - Present concepts and future perspectives 

Raghuram, A. C., National Aeronautical Laboratory, India; Shamala, A. R., Indian Space Research Organization, Satellite Centre, 
India; Jan 1, 1986; 15p; In English; See also A86-29951; Copyright; Avail: Issuing Activity 

Aspects of failure analysis methodology are discussed, taking into account questions which arise with many failure problems, 
the common causes and defects in failure, the graphical technique provided by the ’fault tree’, the quantitative evaluation of the 
fault tree, and the applications of fault tree analysis. Attention is given to the tools and techniques used in failure analysis, a fault 
tree for a boiler tube failure, the role of fracture mechanics, storage and retrieval of failure data, a failure experience matrix, 
reliability and failure analysis, and the economics of quality performance. It is concluded that failure analysis and fracture 
mechanics when used in combination judiciously will help reduce incidence of failures and improve reliability of engineering 
structures in an economical way. 

Fault tree analysis - Two case histories 

Strauss, B. M., Teledyne Engineering Services, USA; Damin, D. G., E. I. du Pont de Nemours and Co., USA; Materials Evaluation; 
Aug 1, 1986; ISSN 0025-5327; 44, pp. 1132-113; In English; Copyright; Avail: Issuing Activity 

The technique of fault tree analysis and its relation to a nondestructive testing (NDT) inspection plan is introduced. The use 
of fault tree diagrams in conjunction with NDT encourages the use of predictive analysis rather than after-the-fact failure analysis, 
resulting in obvious cost benefits. Two case histories are cited. 

19880005868 Naval Postgraduate School, Monterey, CA, USA 

Fault tree reliability analysis of the Naval Postgraduate School mini-satellite (ORION) 

Keeble, Trenton G., Naval Postgraduate School, USA; Sep 1, 1987; 82p; In English 
Report No.(s): AD-A186283; Avail: CASI; A05, Hardcopy; A01, Microfiche 

Fault tree analysis, which has proved to be a useful analytical tool for the reliability and safety analysis of complex systems, 
is applied to the Naval Postgraduate School Mini-Satellite (ORION). A general background to reliability analysis, fault tree 
analysis, and fault tree construction is given. Impact of a phased mission is included in the analysis. A fault tree for ORION is 
constructed and used to identify minimal cut sets and minimal path sets. The cut sets and path sets are, in turn, used to calculate 
an estimate of ORION’s reliability to perform a three year mission. The reliability model was constructed in a Lotus 1-2-3 
spreadsheet to enable the designers to do what-if analysis. 

19880015598 Brookhaven National Lab., Upton, NY, USA 

Applications of fault tree analysis to the design process 

Youngblood, R. W., Brookhaven National Lab., USA; Jan 1, 1988; 10p; In English 
Contract(s)/Grant(s): DE-AC02-76CH-00016 

Report No.(s): DE88-007048; BNL-40839; CONF-880112-1; Avail: CASI; A02, Hardcopy; A01, Microfiche 

Fault tree analysis of a system can provide a complete characterization of system failure modes, i.e., what combinations of 
component failures can give rise to system failure. This can be applied to the design process at several levels: confirmatory 
analysis, in which a fault tree development is used to verify design adequacy, importance analysis, in which fault tree analysis 
is used to highlight system vulnerabilities, and design optimization, in which fault tree analysis is used to pick the least expensive 
configuration from a collection of possibilities satisfying a given constraint. Experience shows that the complexity of real systems 
warrants the systematic and structured development of fault trees for systems whose failure can have severe consequences. 

DOE 

Reliability analysis for a real non-coherent system 

Zhang, Qin; Mei, Qizhi, Qinghua University, USA; IEEE Transactions on Reliability; Oct 1, 1987; ISSN 0018-9529; R-36, pp. 
436-439; In English; Copyright; Avail: Issuing Activity 

This paper shows a real noncoherent system, calculates its unavailability, failure frequency, some measures for the element 
importance, and the optimum sequence for diagnosis and repair. The unique characteristic of its noncoherence is discussed. 

AIAA 

Automated fault tree analysis via AI/ES 

Kuzawinski, Karla M.; Smurthwaite, Richard, Xerox Corp., USA; Jan 1, 1988; 5p; In English; Annual Reliability and 
Maintainability Symposium, Jan. 26-28, 1988, Los Angeles, CA, USA; See also A88-43326; Copyright; Avail: Issuing Activity 

A description is given of FTA, an interactive fault tree analysis tool that integrates the creation of fault trees with the 
propagation of failure rates. This tool allows the engineer to create, modify and manipulate fault trees easily, and requires little 
instruction on how to use the software. The fault trees generated are directly used in the propagation of failure rates without having 
to exit from the design environment. FTA software runs on a Xerox 1100 series workstation and is written in INTERLISP-D. The 
workstation has a large bit-mapped screen, and users interact with the workstation by input through a keyboard or selection by 
a mouse. 

AIAA 

Automatic Test Equipment; Expert Systems; Fault Trees; Maintainability; Reliability Analysis 


19890059119 Texas Univ., Austin, TX, USA 

Reliability database development for use with an object-oriented fault tree evaluation program 

Heger, A. Sharif, Texas Univ., USA; Harrington, Robert J., Texas Univ., USA; Koen, Billy V., Texas, University, USA; 
Patterson-Hine, F. Ann, NASA Ames Research Center, USA; Jan 1, 1989; 5p; In English; Annual Reliability and Maintainability 
Symposium, Jan. 24-26, 1989, Atlanta, GA, USA; See also A89-46451 20-38 
Contract(s)/Grant(s): NSF DMC-86-15432; Copyright; Avail: Issuing Activity 

A description is given of the development of a fault-tree analysis method using object-oriented programming. In addition, 
the authors discuss the programs that have been developed or are under development to connect a fault-tree analysis routine to 
a reliability database. To assess the performance of the routines, a relational database simulating one of the nuclear power industry 
databases has been constructed. For a realistic assessment of the results of this project, the use of one of existing nuclear power 
reliability databases is planned. 

AIAA 

Data Bases; Fault Trees; Nuclear Power Plants; Object Programs; Object-Oriented Programming; Reliability Analysis 


19900006971 Sandia National Labs., Exploratory Batteries Div., Albuquerque, NM, USA 

Fault tree analysis: A tool for battery safety and reliability studies 

Levy, Samuel C., Sandia National Labs., USA; Jan 1, 1989; 7p; In English; 5th; Annual Battery Conference on Applications and 
Advances, 16-18 Jan. 1990, Long Beach, CA, USA 
Contract(s)/Grant(s): DE-AC04-76DP-00789 

Report No.(s): DE90-002582; SAND-89-2312C; CONF-900138-2; Avail: CASI; A02, Hardcopy; A01, Microfiche 

Fault tree analysis was used by engineers as a means of defining system failure. It provides a method of system examination 
which increases the level of understanding of the system and is helpful in logically determining the underlying causes of potential 
failures. A fault tree is composed of a number of symbols, describing different types of events, which are operated on by logic 
gates. Construction of a battery fault tree is discussed in terms of two types of event and two logic gates. An example is given of 
how fault tree analysis was used to determine the cause of a safety incident. A string of lithium cells on test for several years 
suddenly vented violently. Fault tree analysis quickly pointed out the underlying faults leading to this event, and a means of 
prevention was suggested. 

DOE 

Electric Batteries; Fault Trees; Logic Circuits; Reliability; Systems Analysis 


19900038446 

A model for system reliability with common-cause failures 

Page, Lavon B.; Perry, Jo Ellen, North Carolina State University, USA; IEEE Transactions on Reliability; Oct 1, 1989; ISSN 
0018-9529; 38, pp. 406-410; In English; Copyright; Avail: Issuing Activity 

A model for the analysis of systems subject to common-cause failures is proposed. The system consists of a finite number 
of components that are subject to: (1) statistically independent failures, and (2) external failure causes (they need not be mutually 
statistically independent) for groups of components. Applications to fault-tree analysis and network reliability problems are 
discussed. 

AIAA 

Component Reliability; Failure Modes; Fault Trees; Reliability Engineering; Systems Engineering 

19910007082 Edgerton, Germeshausen and Grier, Inc., Idaho Falls, ID, USA 

Living PRAs (Probabilistic Risk Analysis) made easier with IRRAS (Integrated Reliability and Risk Analysis System) 

Russell, K. D., Idaho National Engineering Lab., USA; Sattison, M. B., Idaho National Engineering Lab., USA; Rasmuson, D. 
M., Nuclear Regulatory Commission, USA; Jan 1, 1989; 33p; In English; 10th; International Conference on Structural Mechanics 
in Reactor Technology (SMIRT), 14-18 Aug. 1989, Anaheim, CA, USA 
Contract(s)/Grant(s): DE-AC07-76ID-01570 

Report No.(s): DE90-010938; EGG-M-89329; CONF-890855-60; Avail: CASI; A03, Hardcopy; A01, Microfiche 

The Integrated Reliability and Risk Analysis System (IRRAS) is an integrated PRA software tool that gives the user the 
ability to create and analyze fault trees and accident sequences using an IBM-compatible microcomputer. This program provides 
functions that range from graphical fault tree and event tree construction to cut set generation and quantification. IRRAS contains 
all the capabilities and functions required to create, modify, reduce, and analyze event tree and fault tree models used in the analysis 
of complex systems and processes. IRRAS uses advanced graphic and analytical techniques to achieve the greatest possible 
realization of the potential of the microcomputer. When the needs of the user exceed this potential, IRRAS can call upon the power 
of the mainframe computer. The role of the Idaho National Engineering Laboratory of the IRRAS program is that of software 
developer and interface to the user community. Version 1.0 of the IRRAS program was released in February 1987 to prove the 
concept of performing this kind of analysis on microcomputers. This version contained many of the basic features needed for fault 
tree analysis and was received very well by the PRA community. Since the release of Version 1.0, many user comments and 
enhancements have been incorporated into the program providing a much more powerful and user-friendly system. This version 
is designated IRRAS 2.0. Version 3.0 will contain all of the features required for efficient event tree and fault tree construction 
and analysis. 

DOE 

Architecture (Computers); Computer Graphics; Fault Trees; Reactor Safety; Reliability Analysis; Risk 


19910025515 

Quantification of risk of extreme and catastrophic events 

Haimes, Yacov Y.; Li, Duan, Virginia, University, USA; Sep 1, 1990; 4p; In English 
Report No.(s): AIAA PAPER 90-3772; Copyright; Avail: Issuing Activity 

Recent research results from fault-tree risk analysis of extreme events within a multiobjective framework are reported. In 
particular, the incorporation of the partitioned multiobjective risk method with fault-tree analysis is discussed. The use of a 
software package that is being developed for this purpose is presented, and its utility and advantages over existing fault-tree 
software packages are discussed. 

AIAA 

Computer Programs; Fault Trees; Risk; Systems Engineering 


19910046438 

Reliability analysis of redundant aircraft systems with possible latent failures 

Sharma, Tilak C.; Zilberman, Benyamin, Boeing Co., USA; Jan 1, 1990; 6p; In English; See also A91-31032; Copyright; Avail: 
Issuing Activity 

A methodology has been developed to calculate unreliability of redundant airplane systems containing latent failures with 
differing inspection intervals. The usual assumption that all components are unfailed at the start of a flight is not valid for the 
airplane systems investigated. The analysis method consists of representing a redundant system either as a fault tree or a reliability 
block diagram. The bottom-up approach is recommended for the fault-tree representation where one starts from the lowest AND 
gate and calculates failure probability. The number obtained for the top fault-tree gate would represent the system failure 
probability in which the system logic and latency have been appropriately considered. Alternatively, for a system represented by 
a reliability block diagram, the top-down approach is recommended. 

AIAA 

Aircraft Parts; Fault Trees; Markov Processes; Quality Control; Redundant Components; Reliability Analysis 


19910046458 

Fault tree analysis - Using spreadsheet 

Liu, Ming C., Wichita State University, USA; Jan 1, 1990; 4p; In English; See also A91-31032; Copyright; Avail: Issuing Activity 

Design considerations are given for fault-tree analysis (FTA) using spreadsheet software. The objective is to demonstrate, 
by means of examples, how microcomputer spreadsheet software can be used as an alternative to the mainframe commercial FTA 
package for designing the fault tree and performing tedious computations. Experiences in using this approach for FTA are 
described, and the sensitivity analysis of fault-tree research is addressed. 

AIAA 

Applications Programs (Computers); Fault Trees; Microcomputers; Reliability Engineering; System Failures 

19920050552 

How to use event sequence analysis tools for supporting concurrent engineering 

Jackson, Tyrone, Aerospace Corp., USA; Feb 1, 1992; 11p; In English 
Report No.(s): AIAA PAPER 92-0973; Copyright; Avail: Issuing Activity 

The benefits of employing the event sequence analysis method as a better means of integrating reliability analysis with the 
design process are presented. An example analysis illustrates that the results provided by the methodology are the same as those 
found utilizing reliability block diagram analysis, failure modes and effects analysis, and fault tree analysis. The purpose is to 
demonstrate that the technique helps to broaden the prospective of reliability analysis by providing features which have 
multidiscipline application. 

AIAA 

Concurrent Engineering; Design Analysis; Production Engineering; Reliability Analysis; Sequential Analysis 

19920059448 

A technique for proper design and impact analysis of ’Event Sequencing’ for safety and availability 

Agarwala, Ajay S., Boeing Co., Helicopters Div., Philadelphia, USA; Jan 1, 1991; 5p; In English; Annual Reliability and 
Maintainability Symposium, Jan. 29-31, 1991, Orlando, FL, USA; See also A92-42051; Copyright; Avail: Issuing Activity 
This paper discusses 'Event Sequencing', that is, the requirement for certain events to occur in a particular order to achieve 
a desirable effect or to avoid an undesirable effect. Such requirements are often motivated by Functionality and Safety 
considerations. A simple structured technique is formed from a combination of Goal Tree Analysis and broad Fault Tree analysis 
to analyze 'Event Sequencing' in each operational mode. In addition, this technique provides an effective tool for managing and 
communicating the design requirements in a concurrent engineering environment involving complex designs with interactive 
functions. 

AIAA 

Availability; Design Analysis; Safety Devices; Sequencing; Systems Engineering 

19920073616 NASA Ames Research Center, Moffett Field, CA, USA 

Automatic translation of digraph to fault-tree models 

Iverson, David L., NASA Ames Research Center, USA; Jan 1, 1992; 9p; In English; Annual Reliability and Maintainability 
Symposium, Jan. 21-23, 1992, Las Vegas, NV, USA; Sponsored by IEEE; See also A92-56201; Avail: Issuing Activity 

The author presents a technique for converting digraph models, including those models containing cycles, to a fault-tree 
format. A computer program which automatically performs this translation using an object-oriented representation of the models 
has been developed. The fault-trees resulting from translations can be used for fault-tree analysis and diagnosis. Programs to 
calculate fault-tree and digraph cut sets and perform diagnosis with fault-tree models have also been developed. The digraph to 
fault-tree translation system has been successfully tested on several digraphs of varying size and complexity. Details of some 
representative translation problems are presented. Most of the computation performed by the program is dedicated to finding 
minimal cut sets for digraph nodes in order to break cycles in the digraph. Fault-trees produced by the translator have been 
successfully used with NASA’s Fault-Tree Diagnosis System (FTDS) to produce automated diagnostic systems. 

AIAA 

Fault Trees; Mathematical Models; Object-Oriented Programming 

19920073617 NASA Ames Research Center, Moffett Field, CA, USA 

Modular techniques for dynamic fault-tree analysis 

Patterson-Hine, F. A., NASA Ames Research Center, USA; Dugan, Joanne B., Duke University, USA; Jan 1, 1992; 7p; In English; 
Annual Reliability and Maintainability Symposium, Jan. 21-23, 1992, Las Vegas, NV, USA; Sponsored by IEEE; See also 
A92-56201 

Contract(s)/Grant(s): NAC2-478; Copyright; Avail: Issuing Activity 

It is noted that current approaches used to assess the dependability of complex systems such as Space Station Freedom and 
the Air Traffic Control System are incapable of handling the size and complexity of these highly integrated designs. A novel 
technique for modeling such systems which is built upon current techniques in Markov theory and combinatorial analysis is 
described. It enables the development of a hierarchical representation of system behavior which is more flexible than either 
technique alone. A solution strategy which is based on an object-oriented approach to model representation and evaluation is 
discussed. The technique is virtually transparent to the user since the fault tree models can be built graphically and the objects 
defined automatically. The tree modularization procedure allows the two model types, Markov and combinatoric, to coexist and 
does not require that the entire fault tree be translated to a Markov chain for evaluation. This effectively reduces the size of the 
Markov chain required and enables solutions with less truncation, making analysis of longer mission times possible. Using the 
fault-tolerant parallel processor as an example, a model is built and solved for a specific mission scenario and the solution approach 
is illustrated in detail. 

AIAA 

Computer Systems Design; Fault Tolerance; Fault Trees; Object-Oriented Programming; Parallel Processing (Computers); 
Reliability Engineering 


19920073618 

Approximate fault-tree analysis without cut sets 

Schneeweiss, Winfrid G., Fernuniversitaet, Germany; Jan 1, 1992; 6p; In English; Annual Reliability and Maintainability 
Symposium, Jan. 21-23, 1992, Las Vegas, NV, USA; Sponsored by IEEE; See also A92-56201; Copyright; Avail: Issuing Activity 

It is shown that a rather efficient approximate fault tree analysis is possible on the basis of the Shannon decomposition. The 
main advantages are: (1) no preprocessing is necessary to determine all the mincuts; (2) the maximum error can be prespecified; 
and (3) noncoherent systems and systems with dependent component states can be treated. The main disadvantage is the fact that 
the cutting off of certain subtrees of the decomposition tree (for upper bound results) may need some trial and error test 
calculations. 

AIAA 

Boolean Algebra; Fault Trees; Reliability Analysis 

19970016788 California Univ., Engineering Systems Research Center, Berkeley, CA USA 

Failure Models Derived Through the Indifference Principle (UCB-ENG-8293) Final Report, 1 Oct. 1992 - 31 Mar. 1996 

Barlow, Richard E., California Univ., USA; Mar. 1996; 7p; In English 
Contract(s)/Grant(s): F49620-93-1-0011; AF Proj. 2304 

Report No.(s): AD-A315265; AFOSR-TR-96-0489; No Copyright; Avail: CASI; A02, Hardcopy; A01, Microfiche 

This draft of a new book entitled ENGINEERING RELIABILITY concerns failure data analysis, the economics of 
maintenance policies and system reliability. The purpose of this book is to develop the use of probability in engineering reliability 
and maintenance problems. We use probability models in the (1) analysis of failure data; (2) decision relative to planned 
maintenance; and (3) prediction relative to preliminary design. Engineering applications are emphasized and are used to motivate 
the methodology presented. Part 1 is devoted to the analysis of failure data, particularly lifetime data and failure counts. We begin 
by using a new approach to probability applications. The approach starts with finite populations and derives conditional 
probability models based on engineering and economic considerations. Infinite population conditional probability models most 
often used are approximations to these finite population models. The derived conditional probability models are then the basis 
for likelihood functions useful for the analysis of failure data. Part 2 is devoted to the economics of maintenance decisions. We 
begin with the economics of replacement decisions. Emphasis is on the time value of money and discounting. Then we consider 
inspection policies relative to operating systems and production sampling. Part 3 is devoted to system reliability. We begin with 
efficient algorithms for computing network reliability. Networks or block diagrams are abstract system representations useful for 
both reliability prediction and maintenance considerations. Availability and maintainability formulas are derived and used in 
applications. Fault tree analysis as presented is one of the most useful tools in identifying system failure modes and effects. 

DTIC 

Failure Analysis; Failure Modes; Performance Prediction; Probability Theory; Reliability Engineering; System Failures 
19980002720 NERAC, Inc., Tolland, CT USA 

Reliability: Mathematical Techniques. (Latest citations from the NTIS Bibliographic Database)

Jan. 1997; In English; Page count unavailable. Supersedes PB96-864442 

Report No.(s): PB97-855290; Copyright Waived; Avail: Issuing Activity (Natl Technical Information Service (NTIS)),
Microfiche 

The bibliography contains citations concerning mathematical, statistical, and logic techniques used to develop reliability 
prediction theories and systems. Topics include fault tree analysis, life testing, failure analysis, probability theory, maximum 
likelihood estimation, and Bayesian analysis. Computer modeling, simulation, and related programming are discussed. (Contains 
50-250 citations and includes a subject term index and title list.) 

NTIS 

Bibliographies; Reliability Analysis; Performance Prediction; Statistical Analysis; Prediction Analysis Techniques; 
Mathematical Logic 

19980016089 NERAC, Inc., Tolland, CT USA 

Reliability: Mathematical Techniques. (Latest Citations from the NTIS Bibliographic Database)

Mar. 1996; In English; Page count unavailable. 

Report No.(s): PB96-864442; Copyright Waived; Avail: Issuing Activity (Natl Technical Information Service (NTIS)), 
Microfiche 

The bibliography contains citations concerning mathematical, statistical, and logic techniques used to develop reliability 
prediction theories and systems. Topics include fault tree analysis, life testing, failure analysis, probability theory, maximum 
likelihood estimation, and Bayesian analysis. Computer modeling, simulation, and related programming are discussed. 

NTIS 

Bibliographies; Reliability; Failure Analysis; Fault Trees; Mathematical Logic; Performance Prediction 

19980032455 

Reliability of composite structures with multi-design criteria 

Shiao, Michael C., NYMA, Inc., USA; Chamis, Christos C., NASA Lewis Research Center, USA; 1994, pp. 606-615; In English
Report No.(s): AIAA Paper 94-1382; Copyright; Avail: Aeroplus Dispatch 

The system (combined) reliability of a composite structure for multidesign criteria is computationally simulated. System 
reliability calculation is achieved by probabilistic fault tree analysis with adaptive important sampling (AIS) simulation method. 
Two types of AIS simulations are performed. One is based on approximated failure (limit state) functions. Another one is based 
on finite element analysis. Three performance criteria are used for demonstration: structural frequency range, safety margin for 
stress, and displacement constraint. A probabilistic fault tree analysis using AIS methods for system reliability calculation 
considering failure function dependency is demonstrated. It is found that, for this specific example, the system reliabilities 
calculated using both AIS approaches agree well to each other. However, the computational time for AIS with approximated 
failure functions is ten times less than that for AIS with finite element analysis. 

Author (AIAA) 

Reliability Analysis; Composite Structures; Structural Design Criteria 


19980087666 

IEEE Annual Reliability and Maintainability Symposium, Philadelphia, PA, Jan. 13-16, 1997, Proceedings

1997; In English; ISBN 0-7803-3783-2; Copyright; Avail: AIAA Dispatch 

The present conference discusses reliability and maintainability (R&M)-related topics in the fields of concurrent engineering, 
quality assurance, aerospace industry maintenance and aircraft performance, fault-tree modeling, fault-tree analysis automation, 
reliability of commercial components, life cycle reliability assessment, software reliability, and commercial off-the-shelf 
equipment for military systems. Also discussed are R&M simulation processes in network and large-systems design, Weibull and 
Monte Carlo simulations in computer-aided engineering, stress testing for circuit surface mounts, fault tolerance techniques for 
safety-critical applications, system reliability modeling via Markov chains and search algorithms, quality-oriented design using
the Shewhart X-bar chart and neural networks, and system maintenance considerations. 

AIAA 

Conferences; Reliability Analysis; Maintainability; Concurrent Engineering 


19980120613 

Continuous state reliability analysis 

Yang, Kai, Wayne State Univ., USA; Xue, Jianan, Wayne State Univ., USA; 1996, pp. 251-257; In English 
Contract(s)/Grant(s): NSF DMI-95-00126; Copyright; Avail: Aeroplus Dispatch

We extend binary state reliability analysis to continuous state reliability analysis. This extension enables us to analyze both 
catastrophic failure and performance degradation simultaneously. The modeling of degradation is based on independent 
increment random process or normal random process. Regression analysis is used to estimate degradation parameters. State tree 
method is introduced to conduct system reliability analysis for both degradation and catastrophic failure. ANOVA and DOE 
techniques are used to assess the criticality of product parameters or components to performance degradation. 

Author (AIAA) 

Reliability Analysis; Regression Analysis; Fault Trees; Failure Modes 


19980160655 

1994 Annual Reliability and Maintainability Symposium; Proceedings, Anaheim, CA, Jan. 24-27, 1994 

1994; In English 

Report No.(s): ISSN 0149-144X; ISBN 0-7803-1786-6; Copyright; Avail: Aeroplus Dispatch 

The present volume on reliability and maintainability (R&M) discusses built-in-test and testability; safety and quality 
systems, environment and life testing; and Fault-Tree analysis tools and applications. Attention is given to effective 
reliability-growth models and applications; test and evaluation; system-reliability modeling; and risk-assessment and tradeoff 
techniques for space systems. Other topics addressed include concurrent-engineering enabling technologies; R&M requirements; 
failure modes and effects analysis; and application of fuzzy logic to reliability and maintainability. 

AIAA 

Conferences; Reliability Analysis; Quality Control; Aerospace Industry 

19980160711 

1994 Annual Reliability and Maintainability Symposium, Tutorial Notes, Anaheim, CA, Jan. 24-27, 1994 

1994; In English; Copyright; Avail: Aeroplus Dispatch

Various papers on reliability and maintainability are presented. Individual topics addressed include: subroutines for product 
assurance; failure mode, effects, and criticality analysis; what Markov modeling can do for you; basic reliability; management, 
models, and standards for reliability growth; basic maintainability; practical reliability engineering and management; current 
practices in reliability-based probabilistic risk assessment; overview of concurrent engineering; understanding part failure 
mechanisms. Also discussed are: software reliability concepts; basic fault-tree analysis; design for reliability; probabilistic models
and statistical methods in reliability; concepts of the statistical design of experiments; using the Taguchi method for improved 
reliability; reliability modeling using practical iterative techniques; fault-tolerant computing; experimental analysis of computer 
system dependability. 

AIAA 

Conferences; Maintainability; Reliability Engineering 


19980170799 

Reliability analysis for integrated navigation systems 

Wang, Zengxi, Nanjing Univ. of Aeronautics and Astronautics, China; Nanjing University of Aeronautics and Astronautics, 
Journal; Apr. 1995; ISSN 1005-2615; Volume 27, no. 2, pp. 206-214; In Chinese; Copyright; Avail: Aeroplus Dispatch 

This paper analyses the reliability of GPS/INS/RA integrated navigation systems via the Fault Tree Analysis (FTA) method. 
We establish the fault trees with the fault of integrated navigation systems as the top event and the fault of the altitude tunnel as 
the top event separately, which provides an intuitive and effective approach to the analysis of the reliability of integrated 
navigation systems. On the basis of the resultant fault trees, the mathematical model of the system reliability is derived. 
Furthermore, every state of integrated sensors in the maintainable integrated navigation systems is analyzed using Markov process 
theory, and the state translation diagram is presented. Finally, the corresponding mathematical models of the availability A and
MTBF are yielded, which are valuable in the quantitative evaluation of the system reliability. 

Author (AIAA) 

Inertial Navigation; Reliability Engineering; Fault Trees 


19980175168 

1995 Annual Reliability and Maintainability Symposium, Tutorial Notes, Washington, DC, Jan. 16-19, 1995

1995; In English; Copyright; Avail: Aeroplus Dispatch 

Tutorial papers are presented on Failure Mode, Effects, and Criticality Analysis (FMECA); an introduction to Markov 
modeling; basic reliability; management, models, and standards for reliability growth; practical maintainability; practical 
reliability engineering and management; reliability prediction for the next generation; an overview of concurrent engineering; 
reliability program planning in a commercial environment; software reliability and quality; and basic fault-tree analysis. Papers 
are also presented on an overview of human reliability, probabilistic models and statistical methods in reliability, an introduction 
to benchmarking, the application of accelerated testing techniques in design and production, concepts of statistical design of 
experiments, the use of the Taguchi method for improved reliability, reliability modeling using practical iterative techniques, 
fault-tolerant computing, the experimental analysis of computer system dependability, and understanding part failure 
mechanisms. 

AIAA 

Conferences; Reliability; Maintainability 


19990044304 

Fault Tree Analysis for igniting the sequential circuit and emergency cut-off circuit of a launch vehicle control system 

Yang, Shunagjin, Beijing Aerospace Automatic Control Inst., China; Liu, Zhiqing, Beijing Aerospace Automatic Control Inst., 
China; Aerospace Control; Jun. 1998; ISSN 1006-3242; Volume 16, no. 62, pp. 46-53; In Chinese; Copyright; Avail: AIAA
Dispatch 

By using Fault Tree Analysis (FTA) technology, we have analyzed the igniting sequential circuit and the emergency cut-off 
circuit of a launch vehicle control system. Some problems are found through FTA, even though some reliability design methods 
have been applied to the circuit design, for example, 2/3 vote. For these, improvement methods and suggestions are proposed. 
Author (AIAA) 

Fault Trees; Ignition; Sequential Control; Launch Vehicles 

19990056022 

1999 Annual Reliability and Maintainability Symposium, Washington, DC, Jan. 18-21, 1999, Tutorial Notes 

1999; In English 

Report No.(s): ISSN 0897-5000; Copyright; Avail: AIAA Dispatch

Various papers on reliability and maintainability are presented. Some individual topics addressed are: failure modes, effects, 
and criticality analysis; product reliability through stress testing; fault-tree analysis of computer-based systems; intelligent use 
of regression analysis; practical reliability engineering and management; risk assessment in human reliability analysis; case 
studies of uncertainty analysis in reliability and risk assessment; using reliability tools in the new product development process; 
basic reliability; reliability prediction; reliability programming planning in a commercial environment; and understanding 
electronic-part failure mechanisms. Also considered are: product, process, and accelerated stress testing in benchmarking; 
simulation modeling for reliability analysis; software fault tolerance; understanding Weibull analysis; statistical analysis of 
reliability, maintainability, and supportability data; software engineering of critical software tools; introduction to software 
reliability engineering; and reliability-centered maintenance. 

AIAA 

Conferences; Reliability Analysis; Maintainability; Reliability Engineering 


19990056038 

Annual Reliability and Maintainability Symposium, Washington, DC, Jan. 18-21, 1999, Proceedings

1999; In English 

Report No.(s): ISBN 0-7803-5143-6; ISBN 0-7803-5 143-6@ISSN 0149-1; Copyright; Avail: AIAA Dispatch 

The present volume on reliability and maintainability discusses reliability for space applications; failure modes, effects, and 
criticality analysis; reliability prediction; accelerated testing and stress screening; maintenance optimization; and fault-tree 
analysis. Attention is given to methods in reliability analysis; risk assessment; software reliability; modeling for design 
improvement; test and demonstration; and risk management. Specific topics addressed include rocket-engine control-system
reliability-enhancement analysis; equivalence relations within the failure modes and effects analysis; an electronic-module 
environmental-stress-screening data-evaluation technique; the effect of failure-distribution specification errors on maintenance 
costs; a design image for automatic synthesis of fault trees; reliability analysis of systems which operate in duty cycles; and Bayes 
analysis for system-reliability inferences. 

AIAA 

Conferences; Reliability Analysis; Maintenance; Failure Analysis 

19990069924 Hernandez Engineering, Inc., Huntsville, AL USA 

Beauty and The Beast: Use and Abuse of the Fault Tree as a Tool

Long, R. Allen, Hernandez Engineering, Inc., USA; 1999; 10p; In English; Systems Safety, 16-21 Aug. 1999, Orlando, FL, USA
Contract(s)/Grant(s): NAS8-40364; No Copyright; Avail: Issuing Activity, Hardcopy

Fault Tree Analysis (FTA) has become a popular tool for use in the Space Industry for the System Safety Engineer. The fault
tree is used for everything from tracking hazard reports to investigating accidents, as well as presentations to management. Yet,
experience in the space industry has shown the fault tree is used most often for purposes other than its original intent, namely for
evaluating inappropriate behavior in complex systems. This paper describes proper application and common misapplications of
the fault tree as a tool when evaluating inappropriate behavior in complex systems. The paper addresses common misconceptions
and pitfalls about FTA such as tracking only failures, and the belief that Failure Modes and Effects Analysis (FMEA) can be used
in lieu of the fault tree.

Author 

Failure Analysis; Trees (Mathematics); Complex Systems 

19990090861 

Sensitivity analysis and design of observer-based fault diagnosis systems 

Ding, S. X., FH Lausitz, Germany; Jeinsch, T.; Ding, E. L.; Systems Science; 1998; ISSN 0137-1223; Volume 24, no. 1, pp. 51-71;
In English; Copyright; Avail: Issuing Activity

Problems related to observer-based FDI for uncertain dynamic systems are studied. The core of this study is a sensitivity 
analysis used for the performance evaluation and an optimization of observer-based FDI systems. Some new results in design and 
analysis of observer-based FDI systems are presented. 

Author (EI)

Warning Systems; Sensitivity; Diagnosis 

STRUCTURAL MECHANICS

Includes structural element design, analysis and testing; dynamic responses of structures; weight analysis; fatigue and other 
structural properties; and mechanical and thermal stresses in structure. For applications see 05 Aircraft Design, Testing and 
Performance and 18 Spacecraft Design, Testing and Performance. 

19980127608 

Design of a framed building using a probabilistic fault tree analysis method 

Chen, F. C., Tennessee State Univ., Nashville, USA; Onwubiko, C., Tennessee State Univ., Nashville; Onyebueke, L. C., 
Tennessee State Univ., Nashville; 1996, pp. 2504-2510; In English 
Contract(s)/Grant(s): NAG3-1479

Report No.(s): AIAA Paper 96-1608; Copyright; Avail: Aeroplus Dispatch

This paper shows the application of the probabilistic fault tree analysis (PFTA) method to the design of a framed structure. 
The PFTA includes the development of a fault tree to represent the system, construction of an approximation function for bottom 
events, computation of sensitivity factors of design variables, and the calculation of the system reliability. The effect of uncertainty 
in the design parameters is quantified by changing the standard deviation of some of the design parameters and recomputing the 
probability of failure. The computer code employed for the analyses is NESSUS (Numerical Evaluation of Stochastic Structure 
Under Stress). A design example is presented. The importance of considering geometry among the random variables in structural 
design is quantified. 

Author (AIAA) 

Frames; Structural Design; Probability Theory; Fault Trees; Structural Analysis 

19980192754

An assessment method for blade vibration reliability 

Ou, Yangde, Beijing Univ. of Aeronautics and Astronautics, China; Kong, Ruilian, Beijing Univ. of Aeronautics and Astronautics, 
China; Song, Zhaohong, Beijing Univ. of Aeronautics and Astronautics, China; Journal of Aerospace Power; Apr. 1998; ISSN 
1000-8055; Volume 13, no. 2, pp. 161-164; In Chinese; Copyright; Avail: Aeroplus Dispatch 

A method is presented to assess the vibration reliability for blade design. The method, which is based on the Campbell diagram 
and the PFTA (Probability Fault Tree Analysis) concept, is used to improve conventional assessment methods and to develop an 
effective method for resonance identification and assessment of the characteristics of a blade resonance system that consists of 
multiple resonant interception on the Campbell diagram at or near the operating speed. This PFTA analysis is useful for improving 
the vibration characteristics of this blade and in eliminating blade failure from vibration fatigue. 

Author (AIAA) 

Structural Vibration; Turbine Blades; Fault Trees; Resonant Vibration; Aircraft Engines; Reliability Analysis 


19990075078 

Study on modular fault tree analysis technique with cut sets matrix method 

Chen, Jinshui, Tianjin Univ., China; Zhang, Li; Cai, Huiming; Zhang, Chengpu; Chinese Journal of Mechanical Engineering 
(English Edition); Jun. 1998; ISSN 1000-9345; Volume 11, no. 2, pp. 81-88; In English; Copyright; Avail: Issuing Activity
A new fault tree analysis (FTA) computation method is put forth by using modularization technique in FTA with cut sets 
matrix, and can reduce NP (Nondeterministic polynomial) difficulty effectively. This software can run in IBM-PC and DOS 3.0 
and up. The method provides theoretical basis and computation tool for application of FTA technique in the common engineering 
system. 

Author (EI)

Matrix Theory; Computation; Polynomials; Computer Programs 

ENERGY PRODUCTION AND CONVERSION

Includes specific energy conversion systems, e.g., fuel cells; and solar, geothermal, windpower, and waterwave conversion systems;
energy storage; and traditional power generators. For technologies related to nuclear energy production see 73 Nuclear Physics. For 
related information see also 07 Aircraft Propulsion and Power; 20 Spacecraft Propulsion and Power, and 28 Propellants and Fuels. 


19810011109 Aeronautical Research Inst. of Sweden, Structures Dept., Stockholm., USA

Study of Wind Energy Conversion Systems (WECS) in a farm area and WECS safety limit requirements. Minutes from
expert meeting IEA, research and development WECS, annex one, subtask A1

Eggwertz, S., Aeronautical Research Inst. of Sweden, USA; Jun 1, 1980; 114p; In English; In Dutch; IEA WECS Sub-Task A1
Meeting, 25 Feb. 1980, Stockholm, Sweden
Contract(s)/Grant(s): SWEDBESD-5060-601

Report No.(s): FFA-TN-HU-2218; Avail: CASI; A06, Hardcopy; A02, Microfiche 

The proceedings include the description of two 2500 kW windmill prototypes, safety studies performed in several countries, 
and a contribution concerning fault tree analysis and load case recommendations. The introduction of safe zone, the crack 
detection system, and operation during icing conditions are discussed. 

CASI 

Conferences; Energy Policy; Safety Factors; Windmills (Windpowered Machines); Windpower Utilization 


19810040027 

Availability modeling methodology applied to solar power systems 

Unione, A.; Burns, E.; Husseiny, A., Science Applications, Inc., USA; Solar Energy; Jan 1, 1981; 26, 1, 19, pp. 1981; In English;
p. 55-; Copyright; Avail: Issuing Activity 

Availability is discussed as a measure for estimating the expected performance for solar- and wind-powered generation 
systems and for identifying causes of performance loss. Applicable analysis techniques, ranging from simple system models to 
probabilistic fault tree analysis, are reviewed. A methodology incorporating typical availability models is developed for 
estimating reliable plant capacity. Examples illustrating the impact of design and configurational differences on the expected
capacity of a solar-thermal power plant with a fossil-fired backup unit are given.

AIAA 

Electric Power Plants; Fault Trees; Mathematical Models; Solar Energy Conversion 


19890001929 Sandia National Labs., Exploratory Batteries Div., Albuquerque, NM, USA 

Reliability analysis of lithium cells 

Levy, Samuel C., Sandia National Labs., USA; Bro, Per, Southwest Electrochemical Co., USA; Jan 1, 1988; 16p; In English;
4th International Meeting on Lithium Batteries, 23 May 1988, Vancouver, British Columbia, Canada
Contract(s)/Grant(s): DE-AC04-76DP-00789 

Report No.(s): DE88-009258; SAND-87-2129C; CONF-880598-2; Avail: CASI; A03, Hardcopy; A01, Microfiche 

Fault tree analysis has been used for many years in safety and reliability analyses of nuclear reactors and other large systems. 
This technique can also be useful in the design of high reliability lithium cells/batteries and in improving the reliability of existing 
designs. The basic building blocks of a fault tree are discussed and an example, using the lithium-sulfur cell, is given. 

DOE 

Electrochemical Cells; Fault Trees; Reliability Analysis 


19920013534 Gates Aerospace Batteries, Gainesville, FL, USA 

Fault tree analysis: NiH2 aerospace cells for LEO mission

Klein, Glenn C., Gates Aerospace Batteries, USA; Rash, Donald E., Jr., Reliability Analysis Center, USA; NASA. Marshall Space
Flight Center, The 1991 NASA Aerospace Battery Workshop; Feb 1, 1992, pp. 779-807; In English; See also N92-22740 13-44;
Avail: CASI; A03, Hardcopy; A10, Microfiche

The Fault Tree Analysis (FTA) is one of several reliability analyses or assessments applied to battery cells to be utilized in 
typical Electric Power Subsystems for spacecraft in low Earth orbit missions. FTA is generally the process of reviewing and 
analytically examining a system or equipment in such a way as to emphasize the lower level fault occurrences which directly or 
indirectly contribute to the major fault or top level event. This qualitative FTA addresses the potential of occurrence for five
specific top level events: hydrogen leakage through either discrete leakage paths or through pressure vessel rupture; and four
distinct modes of performance degradation - high charge voltage, suppressed discharge voltage, loss of capacity, and high 
pressure. 

CASI 

Degradation; Electric Discharges; Fault Trees; Nickel Hydrogen Batteries; Reliability Analysis; Spacecraft Orbits; Spacecraft 
Power Supplies 

MAN/SYSTEM TECHNOLOGY AND LIFE SUPPORT

Includes human factors engineering; bionics, man-machine, life support, space suits and protective clothing. For related information
see also 16 Space Transportation and 52 Aerospace Medicine.


19750023679 Army Materiel Command, Intern Training Center., Texarkana, TX, USA

System safety evaluation of life support systems for chemical and biological protective suits Final Report 

Belmonte, R. B., Army Materiel Command, USA; Apr 1, 1975; 84p; In English 

Report No.(s): AD-A009312; USAMC-ITC-02-08-75-401; Avail: CASI; A05, Hardcopy; A01, Microfiche 

The paper presents a system safety analysis of two air supply sub-systems which are to be used with a chemical and biological 
protective suit system. The backpack assembly sub-system has been developed and tested already, whereas the remote air supply 
apparatus has not yet been developed. The system safety analysis of each air supply sub-system includes mission analysis, 
preliminary hazard analysis, failure mode and effect analysis, flow analysis and fault tree analysis. A reliability model and block 
diagram of each sub-system is also included. The results of these analyses indicate that with proper maintenance and trained 
personnel the safety provided by these sub-systems should be acceptable. 

DTIC 

Breathing Apparatus; Life Support Systems; Protective Clothing 

19860021752 Edgerton, Germeshausen and Grier, Inc., System Safety Development Center., Idaho Falls, ID, USA

Impact of the human on system safety analysis 

Nertney, R. J., Edgerton, Germeshausen and Grier, Inc., USA; Horman, R. L., Edgerton, Germeshausen and Grier, Inc., USA; Sep
1, 1985; 34p; In English 
Contract(s)/Grant(s): DE-AC07-76ID-01570 

Report No.(s): DE86-008182; SSDC-32; Avail: CASI; A03, Hardcopy; A01, Microfiche 

The impact of the human and human reliability on the results of probabilistic risk assessment studies is discussed in terms 
of some of the standard models used in risk quantification. Three levels of analysis are considered: (1) identification of areas where 
the human affects the operational risks; (2) rough scaling and quantification of the effect of the human on operational outcome; 
and (3) complete quantification of the risks including consideration of human reliability. 

DOE 

Error Analysis; Fault Trees; Human Performance; Probability Theory; Reliability Analysis; Risk; Safety 


59 

MATHEMATICAL AND COMPUTER SCIENCES (GENERAL) 

Includes general topics and overviews related to mathematics and computer science. For specific topics in these areas see 
categories 60 through 67. 

19770066869 

National Computer Conference, Dallas, Tex., June 13-16, 1977, Proceedings 

Korfhage, R. R., Southern Methodist University, USA; Jan 1, 1977; 1039p; In English; National Computer Conference, June
13-16, 1977, Dallas, TX; Sponsored by AFIPS; Copyright; Avail: Issuing Activity 

Computer data base administration, the selection of computer architectures, communication networks using 
packet-switching, and applications of computing techniques to such topics as clinical research, graphics, information services and 
transportation networks are discussed. Subjects of the papers include fault tree analysis of computer systems, a technique for
automatic acquisition of three-dimensional data, the evaluation of computer architectures through test programs, microprocessor 
architectures, the impact of microprocessors on health care, computer hardware design, a comprehensive computer base of 
information on petroleum resources, modular multimicroprocessors, software acquisition, the design and implementation of an 
information base for use in decision-making, and a multimicroprocessor approach to high-speed low-cost continuous-system 
simulations. 

AIAA 

Architecture (Computers); Computer Networks; Computer Systems Design; Computer Techniques; Conferences; Data Bases 

COMPUTER OPERATIONS AND HARDWARE

Includes hardware for computer graphics, firmware and data processing. For components see 33 Electronics and Electrical 
Engineering. For computer vision see 63 Cybernetics, Artificial Intelligence and Robotics. 

19720006565 Jet Propulsion Lab., California Inst. of Tech., Pasadena, CA, USA

Program listing for fault tree analysis of JPL technical report 32-1542 

Chelson, P. O., Jet Propulsion Lab., California Inst. of Tech., USA; Dec 1, 1971; 35p; In English

Contract(s)/Grant(s): NAS7-100 

Report No.(s): NASA-CR-125064; JPL-TM-33-512; Avail: CASI; A03, Hardcopy; A01, Microfiche

The computer program listing for the MAIN program and those subroutines unique to the fault tree analysis are described. 
Some subroutines are used for analyzing the reliability block diagram. The program is written in FORTRAN 5 and is running on
a UNIVAC 1108.

CASI 

Computer Programs; FORTRAN; Light Emitting Diodes; Trees (Mathematics); Univac 1108 Computer 

19720007535 Douglas United Nuclear, Inc., Richland, WA, USA 

Fault tree simulation computer program 

Crosetti, P. A., Douglas United Nuclear, Inc., USA; Jun 1, 1971; 28p; In English 
Contract(s)/Grant(s): AT(45-1)-1857

Report No.(s): DUN-7697; Avail: CASI; A03, Hardcopy; A01, Microfiche

Fault tree analysis provides a deductive functional development of a specific final undesired event through logic statements 
of the conditions which could cause the event. The usefulness of fault tree analysis is greatly enhanced through quantitative 
analysis or probability evaluation of the fault trees to provide a more objective basis for evaluating and improving the systems 
and to improve the precision of performance measurements and trade-off studies. Since a primary use for the fault tree method 
is to determine the more significant contributions to the probability of causing the undesired event, a feasible approach to 
probabilistic evaluation of the trees is to concentrate the effort on the dominant paths. This can be accomplished using Monte Carlo 
simulation, the simulation being performed on a computer using an event logic simulation program. The computer program 
discussed was prepared and used for quantitative evaluation of fault tree models as a tool for evaluating the functional performance 
of nuclear reactor protective systems in terms of system reliability and availability. 

CASI 

Computerized Simulation; Electrical Faults; Monte Carlo Method; Reactor Safety 

19720040352 

A moment method for the calculation of a confidence interval for the failure probability of a system, 

Murchland, J. D.; Weber, G. G., Karlsruhe, Universitaet, Germany; Jan 1, 1972; 13p; In English; Annual Reliability and 
Maintainability Symposium, January 25-27, 1972, San Francisco, CA; See also A72-23972 10-15; Copyright; Avail: Issuing 
Activity 

The system considered consists of a number of components, which are basically interconnected. The method developed is 
an extension of an analytic evaluation approach regarding the failure probability. The analytic approach places a restriction on 
the degree of complexity of the fault-trees which can be handled. Aspects of fault-tree analysis are discussed, giving attention 
to explicit Boolean polynomials and probability polynomials. Nonrepairable and repairable components are considered.

AIAA 

Complex Systems; Confidence Limits; Failure Analysis; Probability Theory; Reliability Analysis; Trees (Mathematics) 


19840054984 

Fault tolerance in binary tree architectures 

Raghavendra, C. S., Southern California, University, USA; Avizienis, A.; Ercegovac, M. D., California, University, USA; IEEE 
Transactions on Computers; Jun 1, 1984; ISSN 0018-9340; C-33, pp. 568-572; In English 
Contract(s)/Grant(s): N00014-79-C-0866; Copyright; Avail: Issuing Activity

Binary tree network architectures are applicable in the design of hierarchical computing systems and in specialized 
high-performance computers. In this correspondence, the reliability and fault tolerance issues in binary tree architecture with 
spares are considered. Two different fault-tolerance mechanisms are described and studied, namely: (1) scheme with spares; and 
(2) scheme with performance degradation. Reliability analysis and estimation of the fault-tolerant binary tree structures are 
performed using the interactive ARIES 82 program. The discussion is restricted to the topological level, and certain extensions 
of the schemes are also discussed. 

AIAA 

Architecture (Computers); Circuit Reliability; Computer Systems Design; Fault Tolerance; Fault Trees; Reliability Analysis 

19850042075 

Evaluating response time in a faulty distributed computing system 

Garcia-Molina, H.; Kent, J., Princeton University, USA; IEEE Transactions on Computers; Feb 1, 1985; ISSN 0018-9340; C-34, 
pp. 101-109; In English 

Contract(s)/Grant(s): NSF ECS-80-19393; Copyright; Avail: Issuing Activity 

This paper presents an evaluation technique which is useful for studying both the performance and the reliability of a 
distributed computing system. The distributed system is evaluated from the point of view of a user who submits a request for 
service. The proposed technique computes the average time to successful completion of this request, taking into account the 
system failures or repairs which may occur before the request is completed. Given a model of the system and its failures, the 
performance-reliability measures are computed in an automatic numerical fashion. The technique is computationally intensive, 
so it is limited to relatively small systems. However, it can produce results for many interesting cases without an inordinate amount 
of computation. 

AIAA 

Computer Systems Performance; Distributed Processing; Fault Trees; Reliability Analysis; Response Time (Computers) 
61 

COMPUTER PROGRAMMING AND SOFTWARE 


Includes software engineering, computer programs, routines, algorithms, and specific applications, e.g., CAD/CAM. For computer 
software applied to specific applications, see also the associated category. 


19750060156 
Fault tree graphics 

Bass, L.; Wynholds, H. W.; Porterfield, W. R., Lockheed Missiles and Space Co., Inc., USA; Jan 1, 1975; 6p; In English; Annual 
Reliability and Maintainability Symposium, January 28-30, 1975, Washington, DC; See also A75-44202 22-38; Copyright; Avail: 
Issuing Activity 

Described is an operational system that enables the user, through an intelligent graphics terminal, to construct, modify, 
analyze, and store fault trees. With this system, complex engineering designs can be analyzed. This paper discusses the system 
and its capabilities. Included is a brief discussion of fault tree analysis, which represents an aspect of reliability and safety 
modeling. 

AIAA 

Complex Systems; Computer Graphics; Failure Analysis; Reliability Engineering 

19760014845 Atlantic Richfield Hanford Co., Richland, WA, USA 

ALLCUTS: A fast, comprehensive fault tree analysis code 

Vanslyke, W. J., Atlantic Richfield Hanford Co., USA; Griffing, D. E., Atlantic Richfield Hanford Co., USA; Jul 1, 1975; 133p; 
In English 

Contract(s)/Grant(s): E(45-1)-2130 

Report No.(s): ARH-ST-112; Avail: CASI; A07, Hardcopy; A02, Microfiche 

A description, user instructions, and a source program listing are presented for ALLCUTS, a FORTRAN computer code for 
fault tree analysis. The code was specifically designed to be easy to use as well as fast, versatile, and powerful. It may easily be 
modified by a moderately skilled programer to fit the variable needs of the user and the capabilities of his computer. A code, 
BRANCH, for determining input data gate and bottom event interrelationships is also presented. 

CASI 

Coding; FORTRAN; Trees (Mathematics) 

19780017856 Battelle Pacific Northwest Labs., Richland, WA, USA 

RAFT: A computer program for fault tree risk calculations 

Seybold, G. D., Battelle Pacific Northwest Labs., USA; Nov 1, 1977; 67p; In English 

Contract(s)/Grant(s): EY-76-C-06-1830 

Report No.(s): BNWL-2146; A01, Unavail. Hardcopy 

RAFT calculated release quantities and a risk measure based on the product of probability and release quantity for cut sets 
of fault trees modeling the accidental release of radioactive material from a nuclear fuel cycle facility. Cut sets and their 
probabilities were supplied as input to RAFT from an external fault tree analysis code. Using the total inventory available of 
radioactive material, along with release fractions for each event in a cut set, the release terms were calculated for each cut set. Each 
release term was multiplied by the cut set probability to yield the cut set risk measure. RAFT orders the dominant cut sets on the 
risk measure. 

ERA 

Computer Programs; Radioactive Materials; Risk; Trees (Mathematics) 

19790006649 Battelle Pacific Northwest Labs., Richland, WA, USA 

MFAULT: A computer program for analyzing fault trees 

Palto, P. J., Battelle Pacific Northwest Labs., USA; Purcell, W. L., Battelle Pacific Northwest Labs., USA; Nov 1, 1977; 58p; In 
English; Sponsored by DOE 

Report No.(s): BNWL-2145; Avail: CASI; A04, Hardcopy; A01, Microfiche 

A description and user instructions are presented for MFAULT, a FORTRAN computer program for fault tree analysis. 
MFAULT identifies the cut sets of a fault tree, calculates their probabilities, and screens the cut sets on the basis of specified 
cut-offs on probability and/or cut set length. MFAULT is based on an efficient upward-working algorithm for cut set identification. 
The probability calculations are based on the assumption of small probabilities and constant hazard rates (i.e., exponential failure 
distributions). Cut sets consisting of repairable components (basic events) only, non-repairable components only, or mixtures of 
both types can be evaluated. Components can be on-line or standby. Unavailability contributions from pre-existing failures, 
failures on demand, and testing and maintenance down-time can be handled. 

DOE 

Computer Programs; FORTRAN; Numerical Analysis; Trees (Mathematics) 


19800037902 

A simple event-definition notation and associated computer programs 

Arnborg, S., Forsvarets Forskningsanstalt, Sweden; IEEE Transactions on Reliability; Dec 1, 1979; R-28, pp. Dec. 197; In 
English; p. 382-385; Copyright; Avail: Issuing Activity 

A notation for defining events to a computer program is described. It has been used in weapon-effect simulation models. It 
is simple and can be efficiently processed by computer. Computer codes using the notation have been developed with small effort. 
AIAA 

Computer Programs; Digital Simulation; Fault Trees; Reliability Analysis; System Effectiveness; Weapon Systems 


19800056180 

An improvement in cut and path set determination 

Malasky, S. W.; Tregarthen, P. J., AiResearch Manufacturing Company of California, USA; Jan 1, 1980; 7p; In English; Annual 
Reliability and Maintainability Symposium, January 22-24, 1980, San Francisco, CA; See also A80-40301 16-38; Copyright; 
Avail: Issuing Activity 

An algorithm has been developed which makes cut (or path) set determination less dependent on core size and is faster than 
conventional computer algorithms used for fault trees in the fields of safety and reliability. The algorithms operate by (1) 
determining cut (or path) sets at the second level of each of the branches leading into the top gate, (2) converting the base 10 
numbers representing the elements in each cut set into binary strings so that the location of each bit so determined corresponds 
to a specific base 10 number, and (3) utilizing a series of Boolean instruments written in assembly language to select minimal cut 
sets leading to the top of the tree from those determined at the second level. 

AIAA 

Algorithms; Computer Programs; Fault Trees; Performance Prediction; Reliability Analysis; System Effectiveness 


19830035436 

Using fault trees to find design errors in real time software 

Leveson, N. G.; Stolzy, J. L., California, University, USA; Burton, B. A., California, University, USA; Jan 1, 1983; 8p; In English; 
21st; American Institute of Aeronautics and Astronautics, Aerospace Sciences Meeting, Jan. 10-13, 1983, Reno, NV 
Report No.(s): AIAA PAPER 83-0325; Copyright; Avail: Issuing Activity 

The application of the technique of software fault tree analysis (SFTA) to the identification of potentially life-threatening 
run-time software failure modes or scenarios is examined. The use of software fault tree symbols, derived from the corresponding 
hardware symbols, in the lowest level of fault-tree analysis, the code level, is demonstrated for codes written in ADA. In particular, 
the backward progress of the interactive analysis, where the user is aided by an automated tool, is illustrated through the high level 
programming language constructs of the if-then-else statement, the loop statement, assignment statements, procedure calls and 
case statements. Attention is then given to an SFTA tool currently under development, which will be capable of automatic program 
construct recognition and fault tree presentation in different program levels. SFTA is concluded to provide a good technique for 
the safety analysis of software in the short term, and aid in the development of software safety metrics and safe programming 
techniques in the long term. 

AIAA 

Computer Program Integrity; Fault Trees; Program Verification (Computers); Real Time Operation 


19830035438 

Applying existing safety design techniques to software safety 

Thomas, J. C.; Leveson, N. G., California, University, USA; Jan 1, 1983; 9p; In English; 21st; American Institute of Aeronautics 
and Astronautics, Aerospace Sciences Meeting, Jan. 10-13, 1983, Reno, NV 
Report No.(s): AIAA PAPER 83-0327; Copyright; Avail: Issuing Activity 

Existing software and hardware safety techniques are reviewed to develop techniques for software safety, which is one aspect 
of system safety. Hazard elimination is considered in terms of deletion or correction of critical errors through fault tree analysis, 
validation techniques, and automatic testing. Detection of the error at a low enough level can be implemented with monitors to 
decide whether or not a specific condition exists, if a system is ready for operation or is operating correctly, if the input is 
appropriate, if output is occurring, if the limit is being met, and if the measured factor is abnormal. These steps are amenable to 
software configuring. Warnings from the monitors can lead to lockouts, lockins, and interlocks to isolate hazards or prevent 
incompatible actions from happening. Fail-safe design is discussed, together with failure minimization and Ada features which 
enhance reliability. 

AIAA 

Computer Program Integrity; Error Correcting Devices; Fail-Safe Systems; Fault Trees; Program Verification (Computers); 
Safety Management 

19840003710 Rome Air Development Center, Griffiss AFB, NY, USA 
The evolution and practical applications of failure modes and effects analyses 
Dussault, H. B., Rome Air Development Center, USA; Mar 1, 1983; 114p; In English 
Contract(s)/Grant(s): AF PROJ. 2338 

Report No.(s): AD-A131358; RADC-TR-83-72; Avail: CASI; A06, Hardcopy; A02, Microfiche 

Failure effects analysis allows a product to be studied early in its design and development stages where undesirable failure 
effects can be identified and readily corrected. This report is intended to give the reader a broad, general background in techniques 
available for failure effects analysis and their usefulness. Sixteen separate techniques, ranging from tabular failure modes and 
effects analysis and fault tree analysis to lesser known and more recently introduced techniques such as hardware/software 
interface analysis, are discussed. The current status and prospects for the future failure effects analysis are also discussed in the 
report. 

DTIC 

Failure; Failure Analysis; Failure Modes 

19840027570 
Analyzing software safety 

Leveson, N. G.; Harvey, P. R., California, University, USA; IEEE Transactions on Software Engineering; Sep 1, 1983; ISSN 
0098-5589; SE-9, pp. 569-579; In English; Research supported by the Hughes Aircraft Co., University of California, and System 
Development Corp; Copyright; Avail: Issuing Activity 

The application of software controls to critical real time systems in which the consequences of software failure may endanger 
human life and property prompts the present consideration of software safety, with attention to the novel technique of ’software 
fault tree analysis’. This technique has been employed on a program controlling the flight and telemetry of a University of 
California spacecraft. A critical failure scenario has been identified by these means which had not been suspected despite rigorous 
prior testing of the program. Portions of this analysis are presented as examples of the results obtainable. 

AIAA 

Computer Program Integrity; Computer Programs; Electronic Control; Fail-Safe Systems; Fault Trees; Real Time Operation; 
Reliability Analysis 

19850027911 

Safety analysis of Ada programs using fault trees 

Leveson, N. G.; Stolzy, J. L., California, University, USA; IEEE Transactions on Reliability; Dec 1, 1983; ISSN 0018-9529; R-32, 
pp. 479-484; In English; Research supported by the University of California and Hughes Aircraft Co; Copyright; Avail: Issuing 
Activity 

The technique of software fault-tree analysis (SFTA) is described using Ada as an example of a real-time programming 
language. It is shown that the system approach inherent in SFTA helps determine the safety requirements of the software. Thus, 
the preliminary system hazard analysis can be used to determine potential system hazards, and then the hazards can be traced back 
to any potential software connection. Particular attention is given to the problems of concurrence and real-time constraints which 
are common in these types of applications. 

AIAA 

Ada (Programming Language); Computer Information Security; Fault Trees; Reliability Analysis; Software Engineering 

19850072474 Japan Atomic Energy Research Inst., Tokyo, Japan 

Users’ manual for the FTA-J (Fault Tree Analysis-JAERI) code system 

Ishigami, T., Japan Atomic Energy Research Inst., Japan; Watanabe, N., Japan Atomic Energy Research Inst., Japan; Hikawa, M., 
Japan Atomic Energy Research Inst., Japan; Kaneki, H., Japan Atomic Energy Research Inst., Japan; Horii, H., Japan Atomic 
Energy Research Inst., Japan; Sasaki, S., Japan Atomic Energy Research Inst., Japan; Nov 1, 1983; 164p; In Japanese 
Report No.(s): DE85-701120; JAERI-M-83-169; Avail: CASI; A08, Hardcopy; Avail: CASI HC A08/; A02, Microfiche; US 
Sales Only 

No abstract. 

Computer Programming; Data Processing; Fault Trees; Information Systems; Reactor Safety 


19860011696 Los Alamos National Lab., NM, USA 
A state space method of fault tree analysis with applications Topical 

Bartholomew, R. J., Los Alamos National Lab., USA; Dec 1, 1984; 198p; In English 
Contract(s)/Grant(s): W-7405-ENG-36 

Report No.(s): LA-10298-T; Avail: CASI; A09, Hardcopy; A03, Microfiche 

Generic fault trees comprising two, three, and four statistically independent initiators in addition to common cause and 
common mode initiators were developed with their Markov and Adjoint models. Failure Mode State Variable (FMSV) models 
that represent the probabilities of failure occurrence in 0, t of events depicted by generic fault trees were developed using modern 
control theory concepts. The FMSV models are contained within the Adjoint Modes. Several practical fault trees of nuclear reactor 
components and subsystems were modeled by the FMSV method. FMSV method is a symbiosis of fault tree analysis and Markov 
modeling, therefore is complete and exhaustible as a probability model. 

B.G. 

Component Reliability; Control Theory; Failure Modes; Fault Trees; Markov Processes 

19860037645 

An expert system for fault tree construction 

Garribba, S.; Guagnini, E., Milano, Politecnico, Italy; Mussio, P., Milano, Universita, Italy; Jan 1, 1985; 7p; In English; See also 
A86-22376; Copyright; Avail: Issuing Activity 

The architecture of an expert system for the interactive data-driven construction of fault trees is presented. Parts of the system 
are now under realization and testing. The system intends to offer a flexible and easy-to-operate tool to the analyst in reliability 
assessment of complex engineered installations. The expert system is organized according to a number of knowledge-based 
modules that contain metarules, allow to establish rules, and to collect and interpret data. The construction process bases upon 
a representation of the elementary components given a term of multiple-valued logical (MVL) trees and results into an MVL-tree. 
This tree can be analyzed directly or when requested it can be reduced to a number of binary fault trees. 

AIAA 

Expert Systems; Fault Trees; Reliability Analysis 

19870011332 NASA Langley Research Center, Hampton, VA, USA 

The fault-tree compiler 

Martensen, Anna L., PRC Kentron, Inc., USA; Butler, Ricky W., NASA Langley Research Center, USA; Jan 1, 1987; 40p; In 
English 

Contract(s)/Grant(s): RTOP 505-66-21-01 

Report No.(s): NASA-TM-89098; NAS 1.15:89098; Avail: CASI; A03, Hardcopy; A01, Microfiche 

The Fault Tree Compiler Program is a new reliability tool used to predict the top event probability for a fault tree. Five 
different gate types are allowed in the fault tree: AND, OR, EXCLUSIVE OR, INVERT, and M OF N gates. The high level input 
language is easy to understand and use when describing the system tree. In addition, the use of the hierarchical fault tree capability 
can simplify the tree description and decrease program execution time. The current solution technique provides an answer precise 
(within the limits of double precision floating point arithmetic) to the five digits in the answer. The user may vary one failure rate 
or failure probability over a range of values and plot the results for sensitivity analyses. The solution technique is implemented 
in FORTRAN; the remaining program code is implemented in Pascal. The program is written to run on a Digital Corporation VAX 
with the VMS operation system. 

CASI 

Compilers; Fault Tolerance; Fault Trees; Problem Solving; Reliability Analysis; Software Engineering 


19890059085 

Software reliability growth process - A life cycle approach 

Raheja, Dev G., Technology Management, Inc., USA; Jan 1, 1989; 4p; In English; Annual Reliability and Maintainability 
Symposium, Jan. 24-26, 1989, Atlanta, GA, USA; See also A89-46451 20-38; Copyright; Avail: Issuing Activity 
The author presents a life-cycle cost-reduction technique to achieve rapid growth rate in software reliability growth. He points 
out the deficiencies in the current practices in hardware reliability growth process and how to overcome such weaknesses in 
software engineering. It is suggested that fixing errors in software introduces a negative growth because the programmer may not 
know which paths are affected by the change. The best way to accelerate the software reliability and maintenance growth is to 
identify engineering changes in the early design phases. The ATAF program tends to minimize risks and lower life-cycle costs 
significantly. 

AIAA 

Computer Program Integrity; Fault Trees; Life Cycle Costs; Reliability Analysis; Software Development Tools 


19900056010 

Fault-tolerant programs and their reliability 

Belli, Fevzi, Paderborn, Universitaet-Gesamthochschule, USA; Jedrzejowicz, Piotr, Wyzsza Szkola Morska, Poland; IEEE 
Transactions on Reliability; Jun 1, 1990; ISSN 0018-9529; 39, pp. 184-192; In English; Copyright; Avail: Issuing Activity 
The authors review and extend available techniques for achieving fault-tolerant programs. The representation of the 
techniques is uniform and is illustrated by simple examples. For each technique a fault tree has been developed to derive failure 
probability from the probabilities of the basic fault events. This allows the subsequent analysis of program-failure causes and the 
reliability modeling of computer programs. Numerical examples are given to support the comparison of the reviewed techniques. 
The models can be used to evaluate numerical values of program reliability in a relatively simple way. The models deal with 
program reliability for a single run, which seems more practical and straightforward than dealing with distributions as for 
hardware systems. Evaluations obtained by using models correspond to those used in the literature; however, the authors’ 
procedures are computationally simpler. 

AIAA 

Fault Tolerance; Fault Trees; Reliability Analysis 

19910013431 Naval Postgraduate School, Monterey, CA, USA 
Safety analysis of heterogeneous-multiprocessor control system software 
Gill, Janet A., Naval Postgraduate School, USA; Dec 1, 1990; 63p; In English 
Report No.(s): AD-A231859; Avail: CASI; A04, Hardcopy; A01, Microfiche 

Fault trees and Petri nets are two widely accepted graphical tools used in the safety analysis of software. Because some 
software is life and property critical, thorough analysis techniques are essential. Independently Petri nets and fault trees serve 
limited evaluation purposes. This thesis presents a technique that converts and links Petri nets to fault trees and fault trees to Petri 
nets. It enjoys the combinational benefits of both analysis tools. Software Fault Tree Analysis and timed Petri nets facilitate 
software safety analysis in heterogeneous multiprocessor control systems. Analysts use a Petri net to graphically organize the 
selected software. A fault tree supports a hazardous condition with subsequent leaf node paths that lead to the hazard. Through 
the combination of Petri nets and fault trees, an analyst can determine a software fault if he can reach an undesired Petri net state, 
comparable with the fault tree root fault, from an initial marking. All transitions leading to the undesired state from the initial 
marking must be enabled and the states must be marked that represent the leaf nodes of the fault tree path. It is not the intention 
of this thesis to suggest that an analyst be replaced by an automated tool. There must be analyst interaction focusing the analyst’s 
insight and experience on the hazards of a system. This method is proposed only as a tool for evaluation during the overall safety 
analysis. 

DTIC 

Computer Programs; Fault Trees; Graphic Arts; Multiprocessing (Computers); Performance Tests; Petri Nets 

19920008841 NASA Langley Research Center, Hampton, VA, USA 

Graphical workstation capability for reliability modeling 

Bavuso, Salvatore J., NASA Langley Research Center, USA; Koppen, Sandra V., Lockheed Engineering and Sciences Co., USA; 
Haley, Pamela J., NASA Langley Research Center, USA; Feb 1, 1992; 14p; In English 
Contract(s)/Grant(s): RTOP 505-66-21 

Report No.(s): NASA-TM-4317; L-16887; NAS 1.15:4317; Avail: CASI; A03, Hardcopy; A01, Microfiche 

In addition to computational capabilities, software tools for estimating the reliability of fault-tolerant digital computer 
systems must also provide a means of interfacing with the user. Described here is the new graphical interface capability of the 
hybrid automated reliability predictor (HARP), a software package that implements advanced reliability modeling techniques. 
The graphics oriented (GO) module provides the user with a graphical language for modeling system failure modes through the 
selection of various fault-tree gates, including sequence-dependency gates, or by a Markov chain. By using this graphical input 
language, a fault tree becomes a convenient notation for describing a system. In accounting for any sequence dependencies, HARP 
converts the fault-tree notation to a complex stochastic process that is reduced to a Markov chain, which it can then solve for system 
reliability. The graphics capability is available for use on an IBM-compatible PC, a Sun, and a VAX workstation. The GO module 
is written in the C programming language and uses the graphical kernel system (GKS) standard for graphics implementation. The 
PC, VAX, and Sun versions of the HARP GO module are currently in beta-testing stages. 

CASI 

Computer Graphics; Computer Systems Performance; Computer Techniques; Digital Computers; Failure Modes; Fault 
Tolerance; Fault Trees; Human-Computer Interface; Markov Chains; Reliability; Reliability Analysis; System Failures; 
Workstations 


19920059449 

Software safety analysis in heterogeneous multiprocessor control systems 

Shimeall, Timothy J.; Mcgraw, Richard J., Jr.; Gill, Janet A., U.S. Naval Postgraduate School, USA; Jan 1, 1991; 5p; In English; 
Annual Reliability and Maintainability Symposium, Jan. 29-31, 1991, Orlando, FL, USA; See also A92-42051; Copyright; Avail: 
Issuing Activity 

Many modern digital control systems use multiprocessor architectures. This paper discusses the analysis of the safety of the 
software in these control system architectures, presenting an integration of two techniques, software fault tree analysis and timed 
Petri net analysis. This integration is demonstrated using an analysis of a military flight control system. 

AIAA 

Control Systems Design; Design Analysis; Multiprocessing (Computers); Safety; Software Engineering 


19920066525 NASA Langley Research Center, Hampton, VA, USA 
Closed-form solution of decomposable stochastic models 

Sjogren, Jon A., U.S. Army, Avionics Research and Development Activity; NASA, Langley Research Center, USA; Computers 
and Mathematics with Applications; Jan 1, 1992; ISSN 0097-4943; 23, 12, 1; 25p; In English; Copyright; Avail: Issuing Activity 
Equations to compute failure probabilities of the total (combined) model without a complete solution of the combined model 
are presented. A closed-form analytical approach to presentation of probabilities is used on the bases of the Symbolic Hierarchical 
Automated Reliability and Performance Evaluator tool. The techniques under consideration make it possible to compute the 
probability function for a much wider class of systems at a reduced computational cost. 

AIAA 

Fault Tolerance; Fault Trees; Markov Processes; Reliability Analysis; Stochastic Processes 


19930019789 Japan Atomic Energy Research Inst., Tokyo, Japan 
Users manual for fault tree analysis code: CUT-TD 

Watanabe, Norio, Japan Atomic Energy Research Inst., USA; Kiyota, Mikio, Japan Atomic Energy Research Inst., USA; Jun 1, 
1992; 57p; In English 

Report No.(s): DE93-753272; JAERI-M-92-089; Avail: CASI; A04, Hardcopy; A01, Microfiche 

The CUT-TD code was developed to find minimal cut sets for a given fault tree and to calculate the occurrence probability 
of its top event. This code uses an improved top-down algorithm which can enhance the efficiency in deriving minimal cut sets. 
The features in processing techniques incorporated into CUT-TD are as follows: (1) consecutive OR gates or consecutive AND 
gates can be coalesced into a single gate, as a result, this processing directly produces cut sets for the redefined single gate with 
each gate not being developed; (2) the independent subtrees are automatically identified and their respective cut sets are separately 
found to enhance the efficiency in processing; (3) the minimal cut sets can be obtained for the top event of a fault tree by combining 
their respective minimal cut sets for several gates of the fault tree; (4) the user can reduce the computing time for finding minimal 
cut sets and control the size and significance of cut sets by inputting a minimum probability cut off and/or a maximum order cut 
off; (5) the user can select events that need not to be further developed in the process of obtaining minimal cut sets (this option 
can reduce the number of minimal cut sets, save the computing time and assists the user in reviewing the result); (6) computing 
time is monitored by the CUT-TD code so that it can prevent the running job from abnormally ending due to excessive CPU time 
and produce an intermediate result. The CUT-TD code has the ability to restart the calculation with use of the intermediate result. 
A users’ manual for the CUT-TD code is provided. 

DOE 

Data Processing; Fault Trees; User Manuals (Computer Programs) 
19940012974 NASA Langley Research Center, Hampton, VA, USA 

Tutorial: Advanced fault tree applications using HARP 

Dugan, Joanne Bechta, Duke Univ., USA; Bavuso, Salvatore J., NASA Langley Research Center, USA; Boyd, Mark A., Duke 
Univ., USA; Nov 1, 1993; 30p; In English 
Contract(s)/Grant(s): RTOP 505-66-21 

Report No.(s): NASA-TM-102747; NAS 1.15:102747; Avail: CASI; A03, Hardcopy; A01, Microfiche 

Reliability analysis of fault tolerant computer systems for critical applications is complicated by several factors. These 
modeling difficulties are discussed and dynamic fault tree modeling techniques for handling them are described and demonstrated. 
Several advanced fault tolerant computer systems are described, and fault tree models for their analysis are presented. HARP 
(Hybrid Automated Reliability Predictor) is a software package developed at Duke University and NASA Langley Research 
Center that is capable of solving the fault tree models presented. 

Author (revised) 

Fault Tolerance; Fault Trees; Reliability Analysis 


19940014909 Loughborough Univ. of Technology, Dept. of Mathematical Sciences, UK 

Optimal safety system design using fault tree analysis 

Andrews, J. D., Loughborough Univ. of Technology, UK; Jun 1, 1993; 32p; In English 
Report No.(s): MATHS-REPT-A-187; Avail: CASI; A03, Hardcopy; A01, Microfiche 

A design optimization scheme for systems which require a high likelihood of functioning on demand is described. The final 
design specification is achieved by solving a sequence of optimization problems. Each of these problems is defined by assuming 
some form of the objective function and specifying a subregion of the design space over which this function will be representative 
of the system unavailability. An example of a high pressure protection system was used to demonstrate the technique. Design 
parameters for this system include redundancy levels, the number of elements required for a voting system to function, component 
selection options and maintenance inspection intervals. Both implicit and explicit constraint forms were used. The implicit 
constraints require a full system analysis to determine whether the current design is feasible or not. All system assessments were 
carried out using fault tree analysis. 

ESA 

Computer Program Integrity; Design Analysis; Fault Trees; Optimization; Systems Analysis 


19940020083 Naval Postgraduate School, Monterey, CA, USA 
An automated tool to facilitate code translation for software fault tree analysis 
Ordonio, Robert R., Naval Postgraduate School, USA; Sep 1, 1993; 211p; In English 
Report No.(s): AD-A273205; Avail: CASI; A10, Hardcopy; A03, Microfiche 

A safe system is defined as a system that prevents unsafe states from producing safety failures, where an unsafe state is defined 
as a state that may lead to safety failure unless some specific action is taken to avert it. The problem addressed is how to find places 
in Ada programs where faults are likely to occur during program execution. The approach is to build an automated translation 
tool that translates Ada programs into a software fault tree. The tool works as follows: (1) The Ada parser and lexical analyzer 
calls the Automated Code Translation Tool (ACTT) upon recognition of an Ada statement; (2) The ACTT produces a template 
representing the statement; (3) The templates are linked together as a software fault tree. The result is a program that takes Ada 
source code as input and produces a software fault tree as output. 

DTIC 

Ada (Programming Language); Fault Trees; Safety; Systems Engineering; Translating 


19950013626 Naval Postgraduate School, Monterey, CA, USA 

Software fault tree analysis of concurrent Ada processes 

Reid, William Samual, Jr., Naval Postgraduate School, USA; Sep 1, 1994; 94p; In English 
Report No.(s): AD-A284979; Avail: CASI; A05, Hardcopy; A01, Microfiche 

The Automated Code Translation Tool (ACTT) was developed at Naval Postgraduate School to partially automate the 
translation of Ada programs into software fault trees. The tool works as follows: the Ada parser and lexical analyzer calls the 
ACTT upon recognition of an Ada statement; the ACTT produces a template representing the statement; the templates are linked 
together. The tool was lacking in that it only looked at a subset of Ada structures. The problem that this thesis addresses is the 
implementation of the missing language structures, specifically, concurrency and exception handling, to allow the ACTT to handle 
all of the Ada structures. The result is a tool that takes the Ada source code and provides the analyst with a sequence of templates, 
and summary information to assist in incorporating hazard information for generating a fault tree. 

DTIC 

Ada (Programming Language); Automatic Control; Computer Programs; Fault Trees; Machine Translation; Program Verification 
(Computers); Software Engineering 


19950019625 Finnish Centre for Radiation and Nuclear Safety, Helsinki, Finland 

Reliability analysis of software based safety functions 

Pulkkinen, U., Technical Research Centre of Finland, Finland; May 1, 1993; 65p; In English 
Report No.(s): DE95-606516; STUK-YTO-TR-53; Avail: CASI; A04, Hardcopy; A01, Microfiche 

The methods applicable in the reliability analysis of software based safety functions are described in the report. Although 
the safety functions also include other components, the main emphasis in the report is on the reliability analysis of software. The 
check list type qualitative reliability analysis methods, such as failure mode and effects analysis (FMEA), are described, as well 
as the software fault tree analysis. The safety analysis based on the Petri nets is discussed. The most essential concepts and models 
of quantitative software reliability analysis are described. The most common software metrics and their combined use with 
software reliability models are discussed. The application of software reliability models in PSA is evaluated; it is observed that 
the recent software reliability models do not produce the estimates needed in PSA directly. As a result from the study some 
recommendations and conclusions are drawn. The need of formal methods in the analysis and development of software based 
systems, the applicability of qualitative reliability engineering methods in connection to PSA and the need to make more precise 
the requirements for software based systems and their analyses in the regulatory guides should be mentioned. 

DOE 

Checkout; Computer Programs; Failure Analysis; Failure Modes; Fault Trees; Petri Nets; Qualitative Analysis; Quantitative 
Analysis; Reliability Analysis; Reliability Engineering; Software Reliability 


19960000117 Naval Postgraduate School, Monterey, CA, USA 
Fault isolator tool for software fault tree analysis 

Mason, Russell W., Naval Postgraduate School, USA; Mar 1, 1995; 77p; In English 
Report No.(s): AD-A294399; Avail: CASI; A05, Hardcopy; A01, Microfiche 

Software fault tree analysis (SFTA) is a technique used to analyze software for faults that could lead to hazardous conditions 
in systems which contain software components. A necessary element of a SFTA process is the construction of software fault trees 
based upon the syntactical structure of the software being analyzed. The specific problem addressed by this thesis is how can the 
process of generating software fault trees based upon the translation of Ada source code files be automated. The approach taken 
to address this problem was to develop an automated tool that manipulates files created by the Automated Code Translation Tool 
(ACTT) developed earlier at the Naval Postgraduate School. The ACTT is an automated tool that translates Ada source code files 
into statement template tree structures that can be used to construct software fault trees. This thesis presents the Fault Isolator Tool 
(FIT), an automated process for locating and isolating those parts of a statement template tree structure generated by the ACTT 
tool that are related to statements in Ada programs that the analyst selects for evaluation. The FIT tool then generates software 
fault trees in a form compatible with the Fault Tree Editor (FTE), an interactive graphical editor developed for the display, editing, 
and evaluation of software fault trees. 

DTIC 

Ada (Programming Language); Fault Trees; Machine Translation; Program Verification (Computers); Reliability Analysis; 
Software Development Tools; Software Reliability 


19970005320 Virginia Univ., School of Engineering and Applied Science, Charlottesville, VA USA 

Development of a Software Safety Process and a Case Study of Its Use Annual Report, 1 Aug. 1995 - 31 Jul. 1996 

Knight, J. C., Virginia Univ., USA; Nov. 1996; 14p; In English 
Contract(s)/Grant(s): NAG1-1123 

Report No.(s): NASA-CR-202656; NAS 1.26:202656; UVA/528344/CS97/106; No Copyright; Avail: CASI; A03, Hardcopy; 
A01, Microfiche 

Research in the year covered by this reporting period has been primarily directed toward: continued development of mock-ups 
of computer screens for operator of a digital reactor control system; development of a reactor simulation to permit testing of 
various elements of the control system; formal specification of user interfaces; fault-tree analysis including software; evaluation 
of formal verification techniques; and continued development of a software documentation system. Technical results relating to 
this grant and the remainder of the principal investigator’s research program are contained in various reports and papers. 
Derived from text 

Program Verification (Computers); Safety Factors; Fault Trees; Control Systems Design; Human-Computer Interface; Nuclear 
Reactors; Digital Techniques 


19980002851 Newcastle-upon-Tyne Univ., Dept. of Computing Science, Newcastle, UK 

Fault Injection Testing of Software Implemented Fault Tolerance Mechanisms of Distributed Systems, series 

Tao, S., Newcastle-upon-Tyne Univ., UK; Feb. 1997; 185p; In English 

Report No.(s): PB97-181861; TRS-580; Copyright Waived; Avail: CASI; A09, Hardcopy; A02, Microfiche 

The thesis investigates the issues of testing software-implemented fault tolerance mechanisms of distributed systems through 
fault injection. A fault injection method has been developed. The method requires that the target software system can be structured 
as a collection of objects interacting via messages. This enables easy insertion of fault injection objects into the target system to 
emulate incorrect behavior of fault processors by manipulating messages. This approach allows one to inject specific classes of 
faults while not requiring any significant changes to the target system. The method differs from previous work in that it exploits 
an object oriented approach of software implementation to support the injection of specific classes of faults at the system level. 
The thesis describes how various mechanisms (for example, clock synchronization protocol, and atomic broadcast protocol) were 
tested. The testing revealed flaws in implementation that had not been discovered before, thereby demonstrating the usefulness 
of the method. Application of the approach to other distributed systems is also described in the thesis. 

NTIS 

Fault Tolerance; Computer Programs; Software Development Tools; Injection; Object-Oriented Programming; Computer 
Systems Performance 


19980009647 Virginia Univ., School of Engineering and Applied Science, Charlottesville, VA USA 
Development of a Software Safety Process and a Case Study of Its Use Annual Report, 1 Aug. 1996 - 31 Jul. 1997 
Knight, J. C., Virginia Univ., USA; Oct. 1997; 13p; In English 
Contract(s)/Grant(s): NAG1-1123 

Report No.(s): NASA/CR-97-206152; NAS 1.26:206152; UVA/528344/CS98/107; No Copyright; Avail: CASI; A03, Hardcopy; 
A01, Microfiche 

Research in the year covered by this reporting period has been primarily directed toward the following areas: (1) Formal 
specification of user interfaces; (2) Fault-tree analysis including software; (3) Evaluation of formal specification notations; (4) 
Evaluation of formal verification techniques; (5) Expanded analysis of the shell architecture concept; (6) Development of 
techniques to address the problem of information survivability; and (7) Development of a sophisticated tool for the manipulation 
of formal specifications written in Z. This report summarizes activities under the grant. The technical results relating to this grant 
and the remainder of the principal investigator’s research program are contained in various reports and papers. The remainder of 
this report is organized as follows. In the next section, an overview of the project is given. This is followed by a summary of 
accomplishments during the reporting period and details of students funded. Seminars presented describing work under this grant 
are listed in the following section, and the final section lists publications resulting from this grant. 

Author 

Computer Programming; Safety; Specifications; Evaluation; Technologies 


19980111470 

A review of research and methods for producing high-consequence software 

Collins, E., Sandia National Labs., USA; Dalton, L., Sandia National Labs., USA; Peercy, D., Sandia National Labs., USA; 
Pollock, G., Sandia National Labs., USA; Sicking, C., Sandia National Labs., USA; 1995, pp. 199-245; In English 
Contract(s)/Grant(s): DE-AC04-94AL-85000; Copyright; Avail: Aeroplus Dispatch 

The development of software for use in high-consequence systems mandates rigorous processes, methods, and techniques 
to improve the safety characteristics of those systems. This paper provides a brief overview of current research and practices in 
high-consequence software, including applied design methods. Some of the practices that are discussed include: fault tree 
analysis, failure mode effects analysis, petri nets, both hardware and software interlocks, n-version programming, Independent 
Vulnerability Analyses, and watchdogs. Techniques that offer improvement in the dependability of software in high-consequence 
systems applications are identified and discussed. Limitations of these techniques are also explored. Research in formal methods, 
the cleanroom process, and reliability models are reviewed. In addition, current work by several leading researchers as well as 
approaches being used by leading practitioners are examined. 

Author (AIAA) 

Software Development Tools; Safety Factors; Fault Trees; Failure Modes; Integrated Circuits; Circuit Reliability 


19980120597 

An extension of Goal-Question-Metric paradigm for software reliability 

Stoddard, Robert W., Texas Instruments, Inc., Dallas, USA; 1996, pp. 156-162; In English; Copyright; Avail: Aeroplus Dispatch 
The driving need in software reliability is to mature the 'physics of failure' and design aspects related to software reliability. 
This type of focus would then enhance one’s ability to effect reliable software in a predictable form. A major challenge is that 
software reliability, in essence, requires one to measure compliance to customer/user requirements. Customer/user requirements 
can range over a wide spectrum of software product attributes that relate directly or indirectly to software performance. The 
Goal-Question-Metric paradigm is a popular and effective approach to measurement identification. However, in practice, 
additional challenges in using this approach have been encountered. Some of these challenges, though, seem to be alleviated with 
use of a reliability technique called success/fault tree analysis. Experience has shown that the Goal-Question-Metric paradigm 
is conducive to the building of G-Q-M trees which may be analyzed using reliability success/fault tree logic. 

Author (AIAA) 

Software Reliability; Quality Control 


19980156006 

Automated software fault-tree analysis of PASCAL programs 

Friedman, Michael A., Hughes Aircraft Co., USA; 1993, pp. 458-461; In English; Copyright; Avail: Aeroplus Dispatch 

A tool is described that largely automates the process of constructing a software fault-tree of a PASCAL program. Software 
fault-tree analysis is based on a series of templates that each map programming language constructs to a subtree. The tool reads 
in a PASCAL program and a software-caused hazard (postcondition), and fills in template subtrees that correspond to the 
program’s constructs. These subtrees are arranged into a tree of AND and OR gates in which the top event is the postcondition. 
Author (AIAA) 

Fault Trees; Computer Programs; Pascal (Programming Language) 


19980205670 Newcastle-upon-Tyne Univ., Dept. of Computing Science, Newcastle, UK 
Object-Based Approach to Modelling and Analysis of Failure Properties 

Cepin, M., Newcastle-upon-Tyne Univ., UK; deLemos, R., Newcastle-upon-Tyne Univ., UK; Mavko, B., Newcastle-upon-Tyne 
Univ., UK; Riddle, S., Newcastle-upon-Tyne Univ., UK; Saeed, A., Newcastle-upon-Tyne Univ., UK; Aug. 1997; 22p; In English 
Report No.(s): PB98-147887; TRS-598; Copyright Waived; Avail: CASI; A03, Hardcopy; A01, Microfiche 

As a basis for the required qualitative evidence, we propose an object-based approach that allows modeling of both the 
application and software domains. From the object class model of a system and a formal specification of the failure properties 
of its components, we generate a graph of failure propagation over object classes, which is then used to generate a graph in terms 
of object instances in order to conduct fault tree analysis. 

NTIS 

Software Engineering; Failure; Applications Programs (Computers); Fault Trees; Object-Oriented Programming; Safety 


19980212262 

An integrated approach to achieving high software reliability 

Lyu, Michael R., Chinese Univ. of Hong Kong, Shatin, Hong Kong; 1998, pp. 123-136; In English; Copyright; Avail: Aeroplus 
Dispatch 

We address the development, testing, and evaluation schemes for software reliability, and the integration of these schemes 
into a unified and consistent paradigm. Specifically, techniques and tools for the three software reliability engineering phases are 
described. The three phases are modeling and analysis, design and implementation, and testing and measurement. In the modeling 
and analysis phase we describe Markov modeling and fault-tree analysis techniques. We present system-level reliability models 
based on these techniques, and provide modeling examples for reliability analysis and study. We describe how reliability block 
diagrams can be constructed for a real-world system for reliability prediction, and how critical components can be identified. We 
also apply fault tree models to fault tolerant system architectures, and formulate the resulting reliability quantity. Finally, we 
describe two software tools, SHARPE and UltraSAN, which are available for reliability modeling and analysis purposes. 
Author (AIAA) 

Software Reliability; Systems Integration; Software Development Tools; Markov Processes; Fault Trees; Failure Analysis 


19990054676 Raytheon Systems Co., Fullerton, CA USA 

Determining Software (Safety) Levels for Safety-Critical Systems 

Tamanaha, Doris Y., Raytheon Systems Co., USA; Yin, Meng-Lai, Raytheon Systems Co., USA; Proceedings of the 
Twenty-Third Annual Software Engineering Workshop; June 1999; 43p; In English; See also 19990054657; Original contains 
color illustrations; No Copyright; Avail: CASI; A03, Hardcopy; A04, Microfiche 

For safety-critical software-intensive systems, software (safety) levels are determined so that the appropriate development 
process is applied. This paper discusses issues of applying the results of fault tree analysis to software (safety) levels 
determination. In particular, the inconsistency problem, i.e., inconsistent software (safety) levels is addressed and an approach 
is presented. 

Author 

Computer Systems Programs; Fault Trees; Software Engineering; Software Reliability; Reliability Analysis; Consistency 

19990056035 

Software engineering of critical software tools 

Sullivan, Kevin J., Virginia, Univ., Charlottesville, USA; 1999; In English; Copyright; Avail: AIAA Dispatch 

This tutorial surveys important concepts in modern software engineering, with a focus on software architecture, formal 
description, object-orientation, and component-based design. Special attention is given to the Galileo fault tree analysis tool. 
AIAA 

Software Engineering; Object-Oriented Programming; Software Development Tools; Computer Aided Design; Fault Trees 

19990056048 

A design language for automatic synthesis of fault trees 

Vemuri, Kiran K., Hewlett-Packard Co., USA; Dugan, Joanne B., Virginia, Univ., Charlottesville; Sullivan, Kevin J., Virginia, 
Univ., Charlottesville; 1999, pp. 91-96; In English 

Contract(s)/Grant(s): NSF CCR-95-02029; NSF CCR-95-06779; NSF MIP-95-28258; Copyright; Avail: AIAA Dispatch 

The separation of digital system design and reliability analysis incurs unnecessary costs, delays, and quality penalties. This 
paper introduces a graphical design language called RIDL (Reliability Information embedded Design Language) for modeling 
digital systems. In RIDL, redundancy and failure information is embedded within block diagram schematics, without significantly 
altering the physical block diagram models typically used by design engineers. A system schematic in RIDL has all of the 
information needed for reliability analysis without a need for additional textual descriptions. A dynamic fault tree model can be 
automatically synthesized from a RIDL system model. Designers can use the synthesized fault trees to obtain rough reliability 
analyses at an early conceptual design stage. To evaluate the potential of this approach, we have applied it to several example 
systems. 

Author (AIAA) 

Reliability Analysis; Fault Trees; Programming Languages; Digital Systems; Computer Graphics; Failure Analysis 


19990056049 

Bridging the gap between systems and dynamic fault tree models 

Manian, Ragavan, FORE Systems, Inc., USA; Dugan, Joanne B., Virginia, Univ., Charlottesville; Sullivan, Kevin J., Virginia, 
Univ., Charlottesville; Coppit, David W., Virginia, Univ., Charlottesville; 1999, pp. 105-111; In English 
Contract(s)/Grant(s): NSF CCR-95-02029; NSF CCR-95-06779; NSF MIP-95-28258; Copyright; Avail: AIAA Dispatch 

Fault tolerant systems are composed of subsystems that interact with each other, often in complex ways. Analyzing the 
reliability of these systems calls for sophisticated modeling techniques. One such technique is dynamic fault tree analysis. Because 
the semantics of dynamic fault trees are themselves complex, there is a question of whether such models are faithful 
representations of the modeled systems, and whether the underlying analysis techniques are correct. Previous definitions of the 
modeling constructs employed in dynamic fault trees were not precise or consistent enough, leading to ambiguities in their 
interpretation. We present our efforts at making the dynamic fault tree modeling and evaluation process precise. Our aim was to 
improve our confidence in the validity of dynamic fault tree models of system failure behavior. By rigorously specifying fault trees 
and their constituent gates and basic events, we were able to reason more effectively about the correctness of fault trees, the 
underlying analytical Markov models, and the numerical solution to these analytical models. 

Author (AIAA) 

Reliability Analysis; Fault Trees; Dynamic Models; Fault Tolerance; System Failures; Markov Processes 


19990066815 

Use of prime implicants in dependability analysis of software controlled systems 

Yau, Michael, ASCA, Inc., USA; Apostolakis, George; Guarro, Sergio; Reliability Engineering & System Safety; Oct, 1998; 
ISSN 0951-8320; Volume 62, no. 1-2, pp. 23-32; In English; Copyright; Avail: Issuing Activity 

The behavior of software controlled systems is usually non-binary and dynamic. It is, thus, convenient to employ multi-valued 
logic to model these systems. Multi-valued logic functions can be used to represent the functional and temporal relationships 
between the software and hardware components. The resulting multi-valued logic model can be analyzed deductively, i.e. by 
tracking causality in reverse from undesirable ’top’ events to identify faults that may be present in the system. The result of this 
deductive analysis is a set of prime implicants for a user-defined system top event. The prime implicants represent all the 
combinations of basic component conditions and software input conditions that may result in the top event; they are the extension 
to multi-valued logic of the concept of minimal cut sets that is used routinely in the analysis of binary fault trees. This paper 
discusses why prime implicants are needed in the dependability analysis of software controlled systems, how they are generated, 
and how they are used to identify faults in a software controlled system. 

Author (EI) 

Computer Programs; Computers; Mathematical Models; Failure Analysis 


Incremental retrieval mechanism for case-based electronic fault diagnosis 

Cunningham, P., Trinity Coll. Dublin, Ireland; Smyth, B.; Bonzano, A.; Knowledge-Based Systems; Nov 12, 1998; ISSN 
0950-7051; Volume 11, no. 3-4, pp. 239-248; In English; Copyright; Avail: Issuing Activity 

One problem with using CBR for diagnosis is that a full case description may not be available at the beginning of the diagnosis. 
The standard CBR methodology requires a detailed case description in order to perform case retrieval and this is often not practical 
in diagnosis. We describe two fault diagnosis tasks where many features may make up a case description but only a few features 
are required in an individual diagnosis. We evaluate an incremental CBR mechanism that can initiate case retrieval with a skeletal 
case description and will elicit extra discriminating information during the diagnostic process. 

Computer Techniques; Software Engineering; Electronic Equipment; Problem Solving 


Architectural model for software reliability quantification: Sources of data 

Smidts, C., Univ. of Maryland, USA; Sova, D.; Reliability Engineering & System Safety; May, 1999; ISSN 0951-8320; Volume 
64, no. 2, pp. 279-290; In English; Copyright; Avail: Issuing Activity 

An architecturally based software reliability model called FASRE is introduced. The model is based on an architecture 
derived from the requirements which captures both functional and nonfunctional requirements and on a generic classification of 
functions, attributes and failure modes. The model focuses on evaluation of failure mode probabilities and uses a Bayesian 
quantification framework. Failure mode probabilities of functions and attributes are propagated to the system level using fault 
trees. It can incorporate any type of prior information such as results of developers’ testing, historical information on a specific 
functionality and its attributes, and is ideally suited for reusable software. 


COMPUTER SYSTEMS 


Includes computer networks and distributed processing systems. For information systems see 82 Documentation and Information 
Science. For computer systems applied to specific applications, see the associated category. 


19820058732 

Automatic generation of symbolic reliability functions by processor-memory-switch structures 

Kini, V., Southern California, University, USA; Siewiorek, D. P., Carnegie-Mellon University, USA; IEEE Transactions on 
Computers; Aug 1, 1982; C-31, pp. Aug. 198; In English; p. 752-771 

Contract(s)/Grant(s): N0014-77-C-0103; NSF GI-32758X; NR PROJECT 048-645; Copyright; Avail: Issuing Activity 

A methodology is proposed for automating the computation of symbolic reliability functions for arbitrary interconnection 
structures at the Processor-Memory-Switch (PMS) level, with emphasis on the automation of the task of case analysis and problem 
partitioning in the hard failure reliability computation of PMS structures. A program, the Advanced Interactive Symbolic Evaluator 
of Reliability (ADVISER) was constructed as a research vehicle that accepts as its inputs the interconnection graph of the PMS 
structure and a succinct statement of the operational requirements of the structure in the form of a regular expression. ADVISER 
considers such communication structures in the PMS system as buses and crosspoint switches, in addition to the explicitly stated 
requirement of determining the effect of the interconnection structure on system reliability. The program’s output is a symbolic 
reliability equation for the system. 

AIAA 

Circuit Reliability; Computer Aided Design; Computer Systems Design; Fail-Safe Systems; Fault Trees; Reliability Analysis 

19890015444 NASA Langley Research Center, Hampton, VA, USA 
The Fault Tree Compiler (FTC): Program and mathematics 

Butler, Ricky W., NASA Langley Research Center, USA; Martensen, Anna L., PRC Kentron, Inc., Hampton, USA; Jul 1, 1989; 
40p; In English 

Contract(s)/Grant(s): RTOP 505-66-21-01 

Report No.(s): NASA-TP-2915; L-16529; NAS 1.60:2915; Avail: CASI; A03, Hardcopy; A01, Microfiche 

The Fault Tree Compiler Program is a new reliability tool used to predict the top-event probability for a fault tree. Five 
different gate types are allowed in the fault tree: AND, OR, EXCLUSIVE OR, INVERT, and m OF n gates. The high-level input 
language is easy to understand and use when describing the system tree. In addition, the use of the hierarchical fault tree capability 
can simplify the tree description and decrease program execution time. The current solution technique provides an answer 
precisely (within the limits of double precision floating point arithmetic) within a user specified number of digits accuracy. The 
user may vary one failure rate or failure probability over a range of values and plot the results for sensitivity analyses. The solution 
technique is implemented in FORTRAN; the remaining program code is implemented in Pascal. The program is written to run 
on a Digital Equipment Corporation (DEC) VAX computer with the VMS operating system. 

CASI 

Computer Programs; Computer Techniques; Fault Tolerance; Fault Trees; Probability Theory; Reliability Analysis 

19920059468 Jet Propulsion Lab., California Inst. of Tech., Pasadena, CA, USA 

Fault tree models for fault tolerant hypercube multiprocessors 

Boyd, Mark A., Duke University, USA; Tuazon, Jezus O., JPL, USA; Jan 1, 1991; 5p; In English; Annual Reliability and 
Maintainability Symposium, Jan. 29-31, 1991, Orlando, FL, USA; See also A92-42051; Copyright; Avail: Issuing Activity 
Three candidate fault tolerant hypercube architectures are modeled, their reliability analyses are compared, and the resulting 
implications of these methods of incorporating fault tolerance into hypercube multiprocessors are discussed. In the course of 
performing the reliability analyses, the use of HARP and fault trees in modeling sequence dependent system behaviors is 
demonstrated. 

AIAA 


19970018571 Sandia National Labs., Albuquerque, NM USA 

Probabilistic logic modeling of network reliability for hybrid network architectures 

Wyss, G. D., Sandia National Labs., USA; Schriner, H. K., Sandia National Labs., USA; Gaylor, T. R., Sandia National Labs., 
USA; 1996; 10p; In English; Local Computer Networking, 13-16 Oct. 1996, Minneapolis, MN, USA 
Contract(s)/Grant(s): DE-AC04-94AL-85000 
Report No.(s): SAND-96-2048C; CONF-9610171-1; DE96-014080; No Copyright; Avail: Issuing Activity (Department of 
Energy (DOE)), Microfiche 

Sandia National Laboratories has found that the reliability and failure modes of current-generation network technologies can 
be effectively modeled using fault tree-based Probabilistic Logic Modeling (PLM) techniques. We have developed fault tree models 
that include various hierarchical networking technologies and classes of components interconnected in a wide variety of typical and 
atypical configurations. In this paper we discuss the types of results that can be obtained from PLMs and why these results are of 
great practical value to network designers and analysts. After providing some mathematical background, we describe the 
’plug-and-play’ fault tree analysis methodology that we have developed for modeling connectivity and the provision of network 
services in several current-generation network architectures. Finally, we demonstrate the flexibility of the method by modeling the 
reliability of a hybrid example network that contains several interconnected ethernet, FDDI, and token ring segments. 

DOE 

Computer Networks; Architecture (Computers); Fault Trees; Mathematical Models 

19980155979 

Fault trees and imperfect coverage - A combinatorial approach 

Doyle, Stacy A., Duke Univ., USA; Dugan, Joanne B., Duke Univ., USA; 1993, pp. 214-219; In English 
Contract(s)/Grant(s): NCA2-617; Copyright; Avail: Aeroplus Dispatch 

We present a new technique for combining a coverage model with a fault tree. For a class of systems, this technique is simpler 
and faster than those currently being used. Given a fault tree model of the system structure, the minimum cutsets are generated 
using standard techniques. This set of cutsets represents the effects of covered faults and can be used to determine if the system 
contains sufficient redundancy to achieve the desired reliability. This set of minimum cutsets is augmented by a set of cutsets that 
represent uncovered faults. This set of additional cutsets is disjoint from the original cutsets, but they are not independent since 
covered and uncovered faults are mutually exclusive. We solve the resulting set of cutsets by combining standard multi-state and 
sum-of-disjoint products solution techniques. 

Author (AIAA) 

Fault Trees; Combinatorial Analysis; Reliability Analysis 


Combinatorial-models and coverage - A binary decision diagram (BDD) approach 

Doyle, Stacy A., Duke Univ., USA; Dugan, Joanne B., Virginia, Univ., Charlottesville; Boyd, Mark, NASA Ames Research 
Center, USA; 1995, pp. 82-89; In English 

Contract(s)/Grant(s): NCA2-825; NGT-51313; Copyright; Avail: Aeroplus Dispatch 

This paper presents the DREDD (Dependability and Risk Analysis using Decision Diagrams) algorithm which incorporates 
coverage modeling into a binary decision diagram (BDD) solution of a combinatorial model. The DREDD algorithm takes 
advantage of the efficiency of the BDD solution approach and the increased accuracy afforded by coverage modeling. BDDs have 
been used to find exact solutions for extremely large systems, including those with as many as 10 to the 20 prime implicants 
(Coudert and Madre, 1992). Including coverage in this process will increase the validity of the results, since a more complete 
model allows for more realistic analysis. The reliability of life critical systems, which previously could only be approximated, 
may now be analyzed more accurately. 

Author (AIAA) 

Fault Tolerance; Combinatorial Analysis; Decision Theory; Risk; Reliability Analysis; Fault Trees 


19990056024 

Fault-tree analysis of computer-based systems

Dugan, Joanne B., Virginia, Univ., Charlottesville, USA; 1999; In English; Copyright; Avail: AIAA Dispatch 

This tutorial discusses several new and exciting approaches to fault tree analysis of computer-based systems. After a brief 
introduction to fault trees, we present an example analysis of a simple control system and then discuss the use of fault trees as a 
design aid for software systems. The largest part of the tutorial deals with methods for adapting the fault tree techniques to the analysis 
of computer-based systems. These methods include the incorporation of coverage models in the fault tree and the use of special 
gates for sequence dependencies. Several examples of fault tree models for computer systems are presented. These new techniques 
have allowed the fault tree model, long appreciated for its concise and unambiguous representational form, to be applicable to 
the analysis of complex fault-tolerant systems. 
System reliability analysis of an embedded hardware/software system using fault trees 

Kaufman, Lori M., Virginia, Univ., Charlottesville, USA; Dugan, Joanne B., Virginia, Univ., Charlottesville; Manian, Ragavan, 
FORE Systems, Inc., USA; Vemuri, Kiran K., Hewlett-Packard Co., USA; 1999, pp. 135-141; In English; Copyright; Avail: AIAA 
Dispatch 

The use of fault trees allows for the unified modeling of embedded hardware/software systems. Fault trees can also produce 
a sensitivity analysis to provide insight as to which hardware and software components are potentially the most problematic for 
a given system. From this analysis, the effects that the various hardware and software components have on the overall system 
reliability can be quantified. Using an example system, it is demonstrated that the various software components contained within 
a system have a significant impact on the overall system reliability. Hence, software and hardware must be integrated in the 
reliability analysis of embedded systems to properly represent system behavior and to properly predict the overall system 
reliability. 

Author (AIAA) 

Fault Trees; Software Development Tools; Hardware; Reliability Analysis; Embedded Computer Systems 

19990056056 

Reliability analysis of complex hardware-software systems 

Vemuri, Kiran K., Hewlett-Packard Co., USA; Dugan, Joanne B., Virginia, Univ., Charlottesville; 1999, pp. 178-182; In English; 
Copyright; Avail: AIAA Dispatch 

We demonstrate how fault tree analysis could be used to perform reliability analysis of hardware-software systems. The 
functional dependence of the hardware components on the interfacing software components is appropriately modeled using fault 
trees. The Massachusetts Institute of Technology Center for Space Research Advanced X-ray Astrophysics Facility Imaging 
Charge Couple Device Imaging Spectrometer (ACIS) system is used to illustrate the fault tree analysis method in reliability 
analysis of complex hardware-software systems. The ACIS science instrument system is a spaceborne system to acquire and 
process X-ray images over the sky, and sends them to Earth. It has hardware and software components with interfaces between 
them, making it a very good example of a complex hardware-software system. This approach could be used in analyzing other 
complex systems being designed today and in identifying the critical components to make the system safe and more reliable. 
Author (AIAA) 

Reliability Analysis; Software Reliability; Hardware; Fault Trees; X Ray Imagery 

20000006854 

The technique of tree diagnosis for a test system 

Zhang, Wen-Qi, CASC, 4th Academy, Xian, China; Journal of Solid Rocket Technology; Jun. 1999; ISSN 1006-2793; Volume 
22, no. 2, pp. 72-74; In Chinese; Copyright; Avail: Aeroplus Dispatch 

The basic principle, model construction, and application of a fault tree analysis model for a test system are presented. As the 
fault database of the diagnosis system is improved, the model will play an important role in accurately and rapidly diagnosing 
the fault location of the test system for a solid rocket motor. 

Author (AIAA) 

Fault Trees; Solid Propellant Rocket Engines 
19850015029 Edgerton, Germeshausen and Grier, Inc., Idaho Falls, ID, USA 

Contribution of instrumentation and control software to system reliability 

Fryer, M. O., Edgerton, Germeshausen and Grier, Inc., USA; Jan 1, 1984; 7p; In English; Symp. on New Technol. in Nucl. Power 
Plant Instrumentation and Control, 28 Nov. 1984, Washington, DC, USA 
Contract(s)/Grant(s): DE-AC07-76ID-01570 

Report No.(s): DE85-004693; EGG-M-25484; CONF-841122-3; Avail: CASI; A02, Hardcopy; A01, Microfiche 

A new method of reliability assessment of combined software/hardware systems is presented. The method is based on a 
procedure called fault tree analysis which determines how component failures can contribute to system failure. Fault tree analysis 
is a well developed method for reliability assessment of hardware systems and produces quantitative estimates of failure 
probability based on component failure rates. It is shown how software control logic can be mapped into a fault tree that depicts 
both software and hardware contributions to system failure. 

DOE 

Computer Systems Programs; Failure Analysis; Fault Trees; Reliability; System Failures 
An architecture for consideration of multiple faults 

Maletz, M. C., Inference Corp., USA; Jan 1, 1985; 8p; In English; See also A87-16676; Copyright; Avail: Issuing Activity 
A context graphs architecture is presented for fault diagnostic systems which reason from symptoms and tests to suspected 
faults. The rooted, directed, acyclic graphs (DAG) feature directional arcs which indicate parent-child relationships for tracking 
fact inheritance across the graphs. Root contexts have no parents, while all other contexts have one or more parents. The 
architecture permits use of heuristic search strategies through the space of possible faults. A 'merge' context is described which 
involves finding unique solutions for a particular context (fault) by tracking a distinct set of ancestors. Implementation of such 
an architecture is illustrated with a diagnostic system for Shuttle simulation hardware. 

AIAA 

Architecture (Computers); Expert Systems; Fault Trees; Flight Simulators; Graph Theory; Reliability Analysis; Space Shuttle 
Orbiters 

19890005389 McDonnell Aircraft Co., Saint Louis, MO, USA 

Avionics fault tree analysis and artificial intelligence for future aircraft maintenance 

Harris, Michael E., McDonnell Aircraft Co., USA; Snodgrass, Thomas D., McDonnell Aircraft Co., USA; Colorado Univ., 
Proceedings of the Air Force Workshop on Artificial Intelligence Applications for Integrated Diagnostics; Jul 1, 1987, pp. p 
363-374; In English; See also N89-14740 06-63; Avail: CASI; A03, Hardcopy; A04, Microfiche 

The F/A-18 aircraft has demonstrated that reduced Life Cycle Costs and improved operational readiness can be designed-in 
without retreating from performance requirements when emphasis is properly balanced between Reliability, Maintainability and 
Design. The Avionics Fault Tree Analyzer (AFTA) is a suitcase size flight line tester capable of extending the F/A-18 fighter’s 
built-in-test (BIT) fault isolation capabilities beyond the Weapon Replaceable Assembly (WRA), to the Shop Replaceable 
Assembly (SRA) Level. The AFTA was developed as an interim support tool for the Navy prior to attainment of total organic 
support capability, and as an alternate method of support to reduce Life Cycle Cost for F/A-18 foreign military sales. With the 
transformation of the AFTA concept from ground support equipment to avionics, a quantitative improvement in Life Cycle Costs 
will be obtained through the application of Artificial Intelligence (AI) techniques. AI is expected to see applications to practical 
problems in many disciplines; and one of which is the implementation of the military fault diagnostic system. Using AI techniques, 
a smart BIT is being developed which will reduce false alarms, identify intermittent failures, and improve fault isolation to the 
lowest possible element. Increasing density of computer memory, modularly designed avionic functions and the use of very large 
scale and high speed integrated devices will allow future aircraft to fly with the AFTA function. Ramifications such as eliminating 
the need for intermediate avionic repair facilities, increased aircraft operational readiness, decrease in aircraft recurring cost, and 
a reduction in spares investment are discussed. This paper will summarize the AFTA concept, Life Cycle Cost advantages, and 
the implementation of Artificial Intelligence in future avionic designs relative to improved reliability and maintainability. 
CASI 

Artificial Intelligence; Automatic Test Equipment; Avionics; Fault Trees; Maintenance; Onboard Equipment 

19960035597 Naval Postgraduate School, Monterey, CA USA 

Software Fault Tree Analysis of an Automated Control System Device Written in Ada 

Winter, Mathias W., Naval Postgraduate School, USA; Sep. 1995; 112p; In English 
Report No.(s): AD-A303377; No Copyright; Avail: CASI; A06, Hardcopy; A02, Microfiche 

Software Fault Tree Analysis (SFTA) is a technique used to analyze software for faults that could lead to hazardous conditions 
in systems which contain software components. Previous thesis works have developed three Ada-based, semi-automated software 
analysis tools, the Automated Code Translation Tool (ACTT) an Ada statement template generator, the Fault Tree Editor (FTE) a 
graphical fault tree editor, and the Fault Isolator (FI) an automated software fault tree isolator. These previous works did not apply 
their tools on a real system. Therefore, the question addressed by this thesis is ’Do these tools actually work on a real-world 
software control system?’ This thesis developed and implemented a sample Software System Analysis Methodology (SSAM) 
using these semi-automated software tools. The research applied this methodology to a real-world distributed control system 
written in Ada. The Missile Engagement Simulation Arena's (MESA) control software was developed by the Naval Air Warfare 
Center, Weapons Division, China Lake, CA. The SSAM was used to show that the analysis of the Sphere-HWCI control module's 
74,000 lines of code could be thoroughly analyzed in less than 100 man-hours. This practical, 740 lines-of-code per hour rate was 
a direct result of the incorporation of the semi-automated tools into the process. 
19970034829 Society of Instrument and Control Engineers, Tokyo, Japan 

Investigational report on the trend of control technology Seigyo gijutsu doko chosa hokokusho 

Jun. 1996; 188p; In Japanese 

Report No.(s): ETDE/JP-MF-97750119; DE97-750119; No Copyright; Avail: Issuing Activity (Natl Technical Information 
Service (NTIS)), Microfiche 

For the purpose of corresponding to changes of the industrial structure and making full use of the control technology, the paper 
investigated the state of the application. High-grade automation in the manufacturing industry has reached the spread of use at 
big companies for these 10 years. The hierarchical structure of business/process/DCS has been completed, and the optimal control 
and the advanced control have been realized. The development and spread to the much wider field is anticipated. The soft structure 
system is needed for equipment improvement in view of the life cycle of equipment and toward the elimination of bottlenecking. 
For the design of the control system, commercial tools began to be much used, and it is expected in future to accumulate and recycle 
the knowledge/knowhow for effective design work. Further, strict simulation models based material balance and heat balance 
have also been on the rise, and the advance in technology is expected. Because of the total productivity of the production 
equipment, the control technology is anticipated not only for the pursuit of controllability but for the use as supporting technology 
in the operation/driving/failure diagnosis for working out, carrying out and evaluating the optimum operation plan. 

DOE 

Control Systems Design; Controllability; Automation; Control Theory; Forecasting; Information Systems; Optimal Control; 
Productivity; Commerce; Production Management; Fault Trees 
Safety and reliability assessment techniques in robotics 

Dhillon, B. S., Univ. of Ottawa, Canada; Fashandi, A. R. M.; Robotica; Nov-Dec, 1997; ISSN 0263-5747; Volume 15, pt 6, pp. 
701-708; In English; Copyright; Avail: Issuing Activity 

A robot has to be safe and reliable. An unreliable robot may become the cause of unsafe conditions, high maintenance costs, 
inconvenience, etc. Over the years, in general safety and reliability areas various assessment methods have been developed, e.g. 
failure mode and effects analysis, fault tree analysis, and Markovian analysis. In view of these, this paper presents an overview 
of the most suitable robot safety and reliability assessment techniques. 
Robot reliability using fuzzy fault trees and Markov models 

Leuschen, Martin L., Rice Univ., USA; Walker, Ian D., Rice Univ., USA; Cavallaro, Joseph R., Rice Univ., USA; 1996, pp. 73-91; 
In English; Copyright; Avail: AIAA Dispatch 

Robot reliability has become an increasingly important issue in the last few years, in part due to the increased application of 
robots in hazardous and unstructured environments. However, much of this work leads to complex and nonintuitive analysis, 
which results in many techniques being impractical due to computational complexity or lack of appropriately complex models 
for the manipulator. We consider the application of notions and techniques from fuzzy logic, fault trees, and Markov modeling 
to robot fault tolerance. Fuzzy logic lends itself to quantitative reliability calculations in robotics. The crisp failure rates which 
are usually used are not actually known, while fuzzy logic, due to its ability to work with the actual approximate (fuzzy) failure 
rates available during the design process, avoids making too many unwarranted assumptions. Fault trees are a standard reliability 
tool that can easily assimilate fuzzy logic. Markov modeling allows evaluation of multiple failure modes simultaneously, and is 
thus an appropriate method of modeling failures in redundant robotic systems. However, no method of applying fuzzy logic to 
Markov models was known to the authors. This opens up the possibility of new techniques for reliability using Markov modeling 
and fuzzy logic techniques, which are developed here. 
The use of fault trees for the design of robots for hazardous environments 

Walker, Ian D., Rice Univ., USA; Cavallaro, Joseph R., Rice Univ., USA; 1996, pp. 229-235; In English 
Contract(s)/Grant(s): NSF IRI-95-26363; NSF DDM-92-02639; DE-AC04-94AL-85000; NAG9-740; Copyright; Avail: 
Aeroplus Dispatch 

This paper addresses the application of fault trees to the analysis of robot manipulator reliability and fault tolerance. Although 
a common and useful tool in other applications, fault trees have only recently been applied to robots. In addition, most of the fault 
tree analyses in robotics have focused on qualitative, rather than quantitative, analysis. Robotic manipulators present some special 
problems, due to the complex and strongly coupled nature of their subsystems, and also their wild response to subsystem failures. 
Additionally, there is a lack of reliability data for robots and their subsystems. There has traditionally been little emphasis on fault 
tolerance in the design of industrial robots, and data regarding operational robot failures are relatively scarce. However, at this 
time there is a new and critical need for safe and reliable robots for remote Environmental Restoration and Waste Management 
applications. This paper discusses aspects of the reliability problem in robotics, concentrating on the quantitative aspects of fault 
tree analysis for the design of robot manipulators. 
Basic fault-tree analysis 

Koren, James, Science Applications International Corp., USA; Childs, Christopher, Science Applications International Corp., 
USA; 1994; In English; Copyright; Avail: Aeroplus Dispatch 

Although based on some simple concepts, the application of fault trees to practical problems is fraught with pitfalls. This 
tutorial describes the basic techniques of synthesis and analysis and provides practical information so that their use can be 
cost-effective. There are nine important fault-tree construction issues: Basic-Event Naming Convention; Component Boundaries; 
Modularization; Support-System Interface; Common-Cause Events; System Schematic; Direction of Analysis; Circular Logic; 
System Notebooks. There are three general cautions. Set the goal of your analysis early and keep it in sight at all times. Each 
decision made concerning the fault-tree analysis must be made with this final goal in mind. Expand the fault tree only where it 
is needed. If a support system does not appreciably contribute to system failure, leaving it as an undeveloped event is acceptable. 
A fault tree that is harder to understand and comprehend than the system it represents is of little use to anyone. 
On the relations between intelligent backtracking and failure-driven explanation-based learning in constraint satisfaction 
and planning 

Kambhampati, Subbarao, Arizona State Univ., USA; Artificial Intelligence; Oct, 1998; ISSN 0004-3702; Volume 105, no. 1-2, 
pp. 161-208; In English; Copyright; Avail: Issuing Activity 

The ideas of intelligent backtracking (IB) and explanation-based learning (EBL) have developed independently in the 
constraint satisfaction, planning, machine learning and problem solving communities. The variety of approaches developed for 
IB and EBL in the various communities have hitherto been incomparable. In this paper, I formalize and unify these ideas under 
the task-independent framework of refinement search, which can model the search strategies used in both planning and constraint 
satisfaction problems (CSPs). I show that both IB and EBL depend upon the common theory of explanation analysis - which 
involves explaining search failures, and regressing them to higher levels of the search tree. My comprehensive analysis shows 
that most of the differences between the CSP and planning approaches to EBL and IB revolve around different solutions to: (a) 
how the failure explanations are computed; (b) how they are contextualized (contextualization involves deciding whether or not 
to keep the flaw description and the description of the violated problem constraints); and (c) how the storage of explanations is 
managed. The differences themselves can be understood in terms of the differences between planning and CSP problems as 
instantiations of refinement search. This unified understanding is expected to support a greater cross-fertilization of ideas among 
CSP, planning and EBL communities. 

Author (EI) 

Artificial Intelligence; Machine Learning; Computation 


64 

NUMERICAL ANALYSIS 


Includes iteration, differential and difference equations, and numerical approximation. 


19700030987 Douglas United Nuclear, Inc., Richland, WA, USA 

Commercial application of fault tree analysis 

Bruce, R. A., Douglas United Nuclear, Inc., USA; Crosetti, R A., Douglas United Nuclear, Inc., USA; Apr 7, 1970; 41p; In 
English; 9TH; RELIABILITY AND MAINTAINABILITY CONF., DETROIT 
Contract(s)/Grant(s): AT/45-1/-1857 

Report No.(s): DUN-SA-139; CONF-700702-1; Avail: CASI; A03, Hardcopy; A01, Microfiche 
Fault tree analysis for reliability evaluation of commercial products 
Common-cause analysis using sets 

Worrell, R. B., Sandia National Labs., USA; Stack, D. W., Sandia National Labs., USA; Dec 1, 1977; 15p; In English 
Contract(s)/Grant(s): EY-76-C-04-0789 

Report No.(s): SAND-77-1832; Avail: CASI; A03, Hardcopy; A01, Microfiche 

Common-cause analysis was developed for studying the behavior of a system that is affected by special conditions and 
secondary causes. Common-cause analysis is related to fault tree analysis. Common-cause candidates are minimal cut sets whose 
primary events are closely linked by a special condition or are susceptible to the same secondary cause. It is shown that 
common-cause candidates can be identified using the Set Equation Transformation System (SETS). A Boolean equation is used 
to establish the special conditions and secondary cause susceptibilities for each primary event in the fault tree. A transformation 
of variables (substituting equals for equals), executed on a minimal cut set equation, results in replacing each primary event by 
the right side of its special condition/secondary cause equation and leads to the identification of the common-cause candidates. 
19790005623 Argonne National Lab., IL, USA 

Introduction to fault tree synthesis using Lapp-Powers methodology 

Lynch, E. P., Argonne National Lab., USA; Jan 1, 1978; 26p; In English; 1978 Symp. on Instrumentation and Control for Fossil 
Demonstration, 19-21 Jun. 1978, Newport Beach, CA, USA 

Report No.(s): ANL/EES-CP-3; CONF-780656-1; Avail: CASI; A03, Hardcopy; A01, Microfiche 

Fault tree analysis is a method of determining the possibility and/or probability that a specific designated failure will occur. 
A complete logic diagram is constructed that identifies the immediate precursor events leading to the failure, the precursors of 
these events, and so on until pyramid structure of tree is generated. A probability is assigned to each event in the tree, and the overall 
probability of the designated failure is calculated. The reader is shown how logic diagrams may be used in fault tree work, through 
the techniques developed by Lapp and Powers. Only simple systems are considered. Systems involving combinational logic only 
are discussed and, a sequential logic system in which one or more events cannot occur until one or more previous events are 
completed is examined. 

DOE 

Complex Systems; Failure Analysis; Logic Design; Probability Theory; Trees (Mathematics) 


19800055379 

Reliability analysis of an extreme ultraviolet spectrometer for space research 

Chakrabarti, S., California, University, USA; Space Science Instrumentation; Jun 1, 1980; 5, pp. June 198; In English; p. 137-150 
Contract(s)/Grant(s): DAAG29-77-C-0031; Copyright; Avail: Issuing Activity 

The method of fault tree analysis designed to assess the reliability of complex systems is applied to an extreme ultraviolet 
spectrometer for satellite-borne observations. A fault tree is a logic diagram describing critical occurrences which have relevance 
to the failure of a system. A critical occurrence is represented by an event (e.g., a component state), and a combination of several 
events is represented by a gate (e.g., AND, OR). The tree consists of primary events, secondary events, and logic gates. A major 
goal of fault tree analysis is to calculate the probability of occurrence of the top event. A one-year lifetime has been predicted for 
the spectrometer on the basis of the analysis. 

AIAA 

Complex Systems; Reliability Analysis; Satellite Observation; Satellite-Borne Instruments; Systems Analysis; Ultraviolet 
Spectrometers 

19830015988 Design Sciences, Inc., Sewickley, PA, USA 

Fault tree analysis report 

Powers, G. J., Design Sciences, Inc., USA; Lapp, S. A., Design Sciences, Inc., USA; Jun 1, 1982; 156p; In English 
Contract(s)/Grant(s): DE-AC02-80CH-10047 

Report No.(s): DE82-020754; DOE/CH-10047/4; Avail: CASI; A08, Hardcopy; A02, Microfiche 

Safety and reliability fault trees for the coal gasification process development unit (PDU) were constructed. Detailed fault 
trees with probability and failure rate calculations were generated for the events: fatality due to explosion, fire, toxic release or 
asphyxiation at the PDU coal gasification process; and loss of availability of the PDU. The trees were synthesized and subjected 
to multiple reviews. The steps involved in hazard identification and evaluation, fault tree generation, probability assessment, and 
design alteration are presented. The fault trees, cut sets, failure rate data and unavailability calculations are included. 

DOE 

Coal Gasification; Fault Trees; Pilot Plants 

19830070167 Japan Atomic Energy Research Inst., Div. of Reactor Engineering., Ibaraki, Japan 
Study on the scope of fault tree method applicability 

Ito, T., Japan Atomic Energy Research Inst., Japan; Mar 1, 1980; 29p; In Japanese 

Report No.(s): JAERI-M-8754; Avail: CASI; A03, Hardcopy; Avail: CASI HC A03/; A01, Microfiche; US Sales Only 
No abstract. 

Fault Trees; Nuclear Reactors; Reactor Safety; Reliability Analysis 

19980046696 

Improved efficiency in qualitative fault tree analysis 

Sinnamon, R. M., Loughborough Univ. of Technology, UK; Andrews, J. D.; Quality and Reliability Engineering International; 
September-October, 1997; ISSN 0748-8017; Volume 13, no. 5, pp. 293-298; In English; Copyright; Avail: Issuing Activity 
The fault tree diagram itself is an excellent way of deriving the failure logic for a system and representing it in a form that is ideal 
for communication to managers, designers, operators, etc. Since the method was first conceived, algorithms to derive the minimal 
cut sets have worked directly with the fault tree diagram using either bottom-up or top-down approaches. These conventional 
techniques have several disadvantages when it comes to analyzing the fault tree. For complex systems an analysis may produce 
hundreds of thousands of minimal cut sets, the determination of which can be a very time-consuming process. Also, for large fault 
trees it may not be possible to evaluate all minimal cut sets, so methods to identify those event combinations which provide the 
most significant contributions to the system failure are evoked. Such methods include probabilistic or order culling to reduce the 
problem to a practical size, but they can also create considerable inaccuracies when it comes to evaluating top event probability 
parameters. This paper describes how the binary decision diagram method can be employed to evaluate the minimal cut sets of 
a fault tree efficiently and without the need to use approximations such as order culling. 

Author (EI) 

Fault Trees; Qualitative Analysis; Quantitative Analysis; Failure Analysis; Decision Theory; Reliability; Boolean Functions; 
Binary Codes 


19980046697 

Improved accuracy in quantitative fault tree analysis 

Sinnamon, R. M., Loughborough Univ. of Technology, UK; Andrews, J. D.; Quality and Reliability Engineering International; 
September-October, 1997; ISSN 0748-8017; Volume 13, no. 5, pp. 285-292; In English; Copyright; Avail: Issuing Activity 
The fault tree diagram defines the causes of the system failure mode or ’top event’ in terms of the component failures and 
human errors, represented by basic events. By providing information which enables the basic event probability to be calculated, 
the fault tree can then be quantified to yield reliability parameters for the system. Fault tree quantification enables the probability 
of the top event to be calculated and in addition its failure rate and expected number of occurrences. Importance measures which 
signify the contribution each basic event makes to system failure can also be determined. Owing to the large number of failure 
combinations (minimal cut sets) which generally result from a fault tree study, it is not possible using conventional techniques 
to calculate these parameters exactly and approximations are required. The approximations usually rely on the basic events having 
a small likelihood of occurrence. When this condition is not met, it can result in large inaccuracies. These problems can be 
overcome by employing the binary decision diagram (BDD) approach. This method converts the fault tree diagram into a format 
which encodes Shannon's decomposition and allows the exact failure probability to be determined in a very efficient calculation 
procedure. This paper describes how the BDD method can be employed in fault tree quantification. 

Author (EI) 

Fault Trees; Quantitative Analysis; Failure Analysis; Decision Theory; Reliability; Boolean Functions; Binary Codes 


19990004494 

New approaches to evaluating fault trees 

Sinnamon, R. M., Loughborough Univ. of Technology, UK; Andrews, J. D.; Reliability Engineering & System Safety; Nov, 1997; 
ISSN 0951-8320; Volume 58, no. 2, pp. 89-96; In English; 1995 ESREL Conference, Jun., 1995, Bournemouth, UK; Copyright; 
Avail: Issuing Activity 

Fault Tree Analysis is now a widely accepted technique to assess the probability and frequency of system failure in many 
industries. For complex systems an analysis may produce hundreds of thousands of combinations of events which can cause 
system failure (minimal cut sets). The determination of these cut sets can be a very time consuming process even on modern high 
speed digital computers. Computerised methods, such as bottom-up or top-down approaches, to conduct this analysis are now so 
well developed that further refinement is unlikely to result in vast reductions in computer time. It is felt that substantial 
improvement in computer utilisation will only result from a completely new approach. This paper describes the use of a Binary 
Decision Diagram for Fault Tree Analysis and some ways in which it can be efficiently implemented on a computer. In particular, 
attention is given to the production of a minimum form of the Binary Decision Diagram by considering the ordering that has to 
be given to the basic events of the fault tree. 

Author (EI) 

Fault Trees; Failure Analysis; Probability Theory; Digital Computers; Decision Theory; Binary Data; Sequencing 


19990074565 

Failure fundamentals 

Mostia, William L.; Control (Chicago, Ill); Oct, 1998; ISSN 1049-5541; Volume 11, no. 10; 4p; In English; Copyright; Avail: 
Issuing Activity 

This article is the third in a series of three that discuss failures of measurement, automation, and process control equipment 
and systems (herein referred to as instruments). In August, Part I covered types of failures and failure phases in the instrument 
lifecycle. In September, Part II explained random, systematic, and common cause failures. 

Author (EI) 

Errors; Process Control (Industry); Random Processes 
Includes data sampling and smoothing; Monte Carlo method; time series and analysis; and stochastic processes. 

19680072678 University of Southern California, Aerospace Safety Div., Los Angeles, CA, USA 

Observations relative to fault tree analysis 

Miller, C. O., University of Southern California, USA; Oct 1, 1965; 11p; In English; Avail: CASI; A03, Hardcopy, Unavail. 
Microfiche 

No abstract. 

Accident Prevention; Safety Factors; System Failures; Systems Analysis 

19690072936 Boeing Co., Airplane Group., Seattle, WA, USA 

Introduction to fault tree analysis 

Feutz, R. J., Boeing Co., USA; Tracy, J. P., Boeing Co., USA; Sep 1, 1965; 32p; In English 
Report No.(s): D6-16182; Avail: CASI; A03, Hardcopy, Unavail. Microfiche 
No abstract. 

Aircraft Industry; Error Analysis; Trees (Mathematics); Utilization 
19790031380 

Fault tree analysis with probability evaluation 

Proctor, C. L.; Kothari, A. M., Western Michigan University, USA; Proctor, C. L., II, Purdue University, USA; Jan 1, 1978; 6p; 
In English; Annual Reliability and Maintainability Symposium, January 17-19, 1978, Los Angeles, CA; See also A79-15351 
04-38; Copyright; Avail: Issuing Activity 

This paper presents the fault tree analysis with probability evaluation by use of Boolean logic. It provides an all inclusive, 
versatile mathematical tree for analyzing gate and/or gate operations. The construction criteria and the probability evaluation 
methods of fault trees are briefly discussed. The reliability equations of the basic logic units of the tree are presented. The 
probability evaluation by use of Boolean logic has been discussed for generating the minimal cut sets of a fault tree containing 
repetitions of basic events and is illustrated by means of a sample fault tree. The MTBF (mean time between failure) evaluation 
with use of the reliability approach are illustrated by means of simple example. The paper treats the simple series structure and 
the parallel structure. For each, the probability of success and probability of failure are derived. 

AIAA 

Boolean Functions; Logical Elements; Probability Theory; Reliability Analysis; Set Theory 

19800037900 

Inverting and minimizing Boolean functions, minimal paths and minimal cuts - Noncoherent system analysis 

Locks, M. O., Oklahoma State University, USA; IEEE Transactions on Reliability; Dec 1, 1979; R-28, pp. Dec. 197; In English; 
p. 373-375; Copyright; Avail: Issuing Activity 
No abstract. 

Boolean Functions; Computer Aided Design; Fault Trees; Reliability Analysis; Systems Analysis 

19800064633 

Uncertainty propagation in fault-tree analysis 

Colombo, A. G., Commission of the European Communities, Joint Research Centre, Italy; Jan 1, 1980; 9p; In English; Synthesis 
and analysis methods for safety and reliability studies, July 3-14, 1978, Urbino, Italy; Sponsored by In: Synthesis and analysis 
methods for safety and reliability studies; Proceedings of the Advanced Study Institute; See also A80-48801 21-38; Copyright; 
Avail: Issuing Activity 

Various methods for investigating the propagation of uncertainty from the lower level (primary event) to the higher level of 
a complex system in a fault-tree analysis are discussed with reference to a sample 750 failure mode fault-tree. It is shown that the 
problem of uncertainty analysis requires further research, particularly in the nuclear field where the error factor of failure 
parameter distribution is large. A numerical code which systematically combines random variables is found to be an efficient tool 
in this task, at least for numerical calculations. 

AIAA 

Complex Systems; Fault Trees; Probability Theory; Reliability Analysis; Stochastic Processes 

19860037128 

Confidence intervals for top event unavailability - A problem of Bayesian statistics 

Clarotti, C. A., Comitato Nazionale per la Ricerca e per lo Sviluppo dell’Energia Nucleare e delle Energie Alternative, Italy; 
Contini, S., SYRECO, Italy; Jan 1, 1984; 4p; In English; See also A86-21851; Avail: Issuing Activity 

The problem of propagating uncertainties through a fault tree is framed into a Bayesian statistics context and in that view 
pre-existing approaches are analyzed and criticized. The question is examined of the relationship between uncertainty propagation 
and the probabilistic cut-off. 

AIAA 

Availability; Bayes Theorem; Confidence Limits; Fault Trees; Reliability Analysis 

19880014137 Technische Hogeschool, Delft, Netherlands 

Fault tree analysis and synthesis 

Bossche, Adrianus, Technische Hogeschool, Netherlands; Jan 1, 1987; 176p; In English; Avail: CASI; A09, Hardcopy; A02, 
Microfiche 

The Top-Event’s Frequency Algorithm for evaluating the top-event’s failure frequency of fault trees containing mutually 
exclusive failure modes of multi-state components is derived. The System Interstate Frequency Algorithm to evaluate the state 
probabilities and interstate frequencies of a (sub)system from which the (sub)system’s transition rates can be found easily is 
introduced. This latter algorithm allows a recursive calculation of system state frequencies and transition rates, i.e., the probability 
and frequency data of subsystem performance are calculated prior to the evaluation of the probability and frequency data of the 
system using the same algorithm for all steps. Component models that show all fault propagation through the components and 
fault initiation by the components in both directions (upstream and downstream) are outlined. It is shown how to create system 
models that interconnect system components and environmental variables. A fault tree construction algorithm to generate fault 
trees from the given system and component models is presented. A real-time fault location algorithm to extract all faults and fault 
combinations that are most consistent with the set of measured variables, even when sensor circuits provide faulty information, 
is shown. 

ESA 

Failure Analysis; Fault Trees; Systems Analysis 


19920051717 NASA Lewis Research Center, Cleveland, OH, USA 

Structural system reliability calculation using a probabilistic fault tree analysis method 

Torng, T. Y., NASA Lewis Research Center, USA; Wu, Y. T., NASA Lewis Research Center, USA; Millwater, H. R., Southwest 
Research Institute, USA; Jan 1, 1992; 11p; In English; 33rd; AIAA/ASME/ASCE/AHS/ASC Structures, Structural Dynamics and 
Materials Conference, Apr. 13-15, 1992, Dallas, TX, USA; See also A92-34332 
Contract(s)/Grant(s): NAS3-24389 

Report No.(s): AIAA PAPER 92-2410; Copyright; Avail: Issuing Activity 

The development of a new probabilistic fault tree analysis (PFTA) method for calculating structural system reliability is 
summarized. The proposed PFTA procedure includes: developing a fault tree to represent the complex structural system, 
constructing an approximation function for each bottom event, determining a dominant sampling sequence for all bottom events, 
and calculating the system reliability using an adaptive importance sampling method. PFTA is suitable for complicated structural 
problems that require computer-intensive computer calculations. A computer program has been developed to implement the 
PFTA. 

AIAA 

Fault Trees; Probability Density Functions; Reliability Analysis; Structural Failure; Structural Stability 


19950042913 

MetaPrime: An interactive fault-tree analyzer 

Coudert, Olivier, DEC Paris Research Lab, USA; Madre, Jean Christophe; IEEE Transactions on Reliability; March 1994; ISSN 
0018-9529; 43, 1, pp. 121-127; In English; Copyright; Avail: Issuing Activity 

The performances of almost all available fault-tree analysis tools are limited by the performance of their prime-implicant 
computation procedure. All these procedures manipulate the prime implicants of the fault-trees in extension, so that the analysis 
costs are directly related to the number of prime implicants to be generated, which in practice makes these tools difficult to apply 
on fault-trees with more than 20 000 prime implicants. This paper introduces an analysis method of coherent as well as 
noncoherent fault-trees that overcomes this limitation because its computational cost is related to neither the number of basic 
events, nor the number of gates, nor the number of prime implicants of these trees. We present the concepts underlying the 
prototype tool MetaPrime, and the experimental results obtained with this tool on real fault-trees. These results show that these 
concepts provide complete analysis in seconds on fault-trees that no previously available technique could ever even partially 
analyze, for instance noncoherent fault-trees with more than 10(exp 20) prime implicants. These concepts can also be used to 
analyze event-trees because such trees denote Boolean functions on which these concepts can be applied. Prime implicant 
computation is also critical in many other domains, in particular in expert-system applications such as reasoning maintenance and 
multiple fault diagnosis. The application of the concepts underlying MetaPrime to the resolution of these problems is under study. 
Author (EI) 

Boolean Functions; Computation; Costs; Domains; Error Analysis; Fault Trees; Maintenance; Prototypes 


19980060345 

Hierarchical analysis of fault trees with dependencies, using decomposition 

Anand, Anju, Boeing Co., USA; Somani, Arun K., Iowa State Univ., Ames; 1998, pp. 69-75; In English; Copyright; Avail: 
Aeroplus Dispatch 

We demonstrate a decomposition scheme where independent subtrees of a fault tree are detected and solved hierarchically; 
a subtree is replaced by a single event in the parent tree whose probability of occurrence represents the probability of the 
occurrence of the subtree. The decomposition and hierarchical solution can be more useful in case of fault trees with dependences. 
Instead of solving the whole system as a Markov model, only the appropriate subsystem needs to be analyzed as a Markov model. 
Author (AIAA) 

Fault Trees; Markov Chains; Reliability Analysis; Probability Theory 


19980228485 Research Inst. of National Defence, Avd. foer Vapen och Skydd, Tumba, Sweden 
Assessment of Effect and Vulnerability Vaerdering av Verkan och Sarbarhet 
Wijk, G., Research Inst. of National Defence, Sweden; Mar. 1998; 50p; In Swedish 

Report No.(s): PB98-171002; FOA-R-97-00594-310-SE; No Copyright; Avail: Issuing Activity (Natl Technical Information 
Service (NTIS)), Microfiche 

The Computer programs APAS, LMP3 and VERKSAM/VERANA are described in principle. The report is the 
documentation of a course held at the Swedish Defense Academy in spring 1997. 

NTIS 

Vulnerability; Computer Programs; Damage Assessment; Computerized Simulation 

19990067887 

Constrained mathematics evaluation in probabilistic logic analysis 

Arlin Cooper, J., Sandia Natl. Lab., USA; Reliability Engineering & System Safety; Jun, 1998; ISSN 0951-8320; Volume 60, no. 
3, pp. 199-203; In English; Copyright; Avail: Issuing Activity 

A challenging problem in mathematically processing uncertain operands is that constraints inherent in the problem definition 
can require computations that are difficult to implement. Examples of possible constraints are that the sum of the probabilities 
of partitioned possible outcomes must be one, and repeated appearances of the same variable must all have the identical value. 
The latter, called the 'repeated variable problem', will be addressed in this paper in order to show how interval-based probabilistic 
evaluation of Boolean logic expressions, such as those describing the outcomes of fault trees and event trees, can be facilitated 
in a way that can be readily implemented in software. We will illustrate techniques that can be used to transform complex 
constrained problems into trivial problems in most tree logic expressions, and into tractable problems in most other cases. 
Author (EI) 

Boolean Algebra; Reliability 

19990108384 

Fault tree developed by an object-based method improves requirements specification for safety-related systems 

Cepin, Marko, Jozef Stefan Inst., Slovenia; Mavko, Borut; Reliability Engineering & System Safety; Feb, 1999; ISSN 0951-8320; 
Volume 63, no. 2, pp. 111-125; In English; Copyright; Avail: Issuing Activity 

Fault tree analysis is frequently used to improve system reliability and safety. To be suitable for analysis of software in 
computerised safety-related systems, it has to be modified accordingly. This paper presents a new application: the fault trees 
developed by an object-based method. The object-based method integrates structural and behavioral models of a system. The 
developed fault tree includes information on structure and the failure behaviors of classes of the system. Away from traditional 
use of the fault tree, which for traditional systems emphasises qualitative and quantitative results, the result of the new application 
emphasises the process of fault tree development and its qualitative results. Such fault tree application reduces the probability of 
failures in the requirements specification phase within the software life cycle, which increases the reliability of its product; 
however, it does not confirm this in a quantitative manner. 

Author (EI) 

Accident Prevention; Standards; Reliability; Computer Programs 


19990109070 

Design of reliable systems using static & dynamic fault trees 

Ren, Yansong, Univ. of Virginia, USA; Dugan, Joanne Bechta; IEEE Transactions on Reliability; Sep, 1998; ISSN 0018-9529; 
Volume 47, no. 3 pt 1, pp. 234-244; In English; Copyright; Avail: Issuing Activity 

A genetic algorithm (GA) is embedded into a fault tree method to determine the heuristic optimal design configuration of 
a reliable system. For optimization, a fault tree which can represent the failure causes of potential designs is used. Several 
techniques to accelerate the optimization process are implemented which appreciably reduce the calculation time. 

EI 

Reliability; Genetic Algorithms; Heuristic Methods; Optimization 
SYSTEMS ANALYSIS AND OPERATIONS RESEARCH 

Includes mathematical modeling of systems; network analysis; mathematical programming; decision theory; and game theory. 

19750024786 California Univ., Operations Research Center., Berkeley, CA, USA 

Computerized fault tree analysis: TREEL and MICSUP 

Pande, P. K., California Univ., USA; Spector, M. E., California Univ., USA; Chatterjee, P., California Univ., USA; Apr 1, 1975; 
57p; In English 

Contract(s)/Grant(s): N00014-69-A-0200-1070; NR PROJ. 042-238 

Report No.(s): AD-A010146; ORC-75-3; Avail: CASI; A04, Hardcopy; A01, Microfiche 

Fault tree analysis has proven to be extremely useful in studying large scale systems in both industry and research. Due to 
the size and complexity of most trees, it has been necessary to develop computer programs for efficient analysis. Vesely and 
Narum developed a computer package called PREP and KITT in 1970. In 1974, Fussell, Henry and Marshall produced a program 
called MOCUS. The computer programs presented in this paper perform functions similar to the PREP and MOCUS codes, though 
the methodology and efficiency are greatly advanced. In addition, this paper provides a basic understanding of the terminology 
and concepts of fault trees, discusses planned objectives, and gives some insight into a topic called Tree Trimming. All concepts 
and explanations are illustrated by example. 

DTIC 

Computer Programs; Systems Analysis; Trees (Mathematics) 

19770033878 

Fault tree graphics - Application to system safety 

Wynholds, H. W.; Porterfield, W. R.; Bass, L., Lockheed Missiles and Space Co., Inc., USA; Jan 1, 1976; 14p; In English; 2nd; 
International System Safety Conference, July 21-25, 1975, San Diego, CA; See also A77-16726 05-31; Avail: Issuing Activity 
Fault tree analysis is an engineering modeling and evaluation technique. Its primary use has been in the areas of system safety 
and reliability, although its application is conceptually much broader. Fault Tree Graphics is an operational system that enables 
the user, through an interactive graphics terminal, to construct, modify, analyze and store fault trees. Included is a discussion of 
how this technique can be applied to System Safety. 

AIAA 

Computer Graphics; Design Analysis; Failure Analysis; Reliability Analysis; Safety Management; Trees (Mathematics) 

19820029589 

Performance evaluation of systems that include fault diagnostics 

Walker, B. K., Case Western Reserve University, USA; Jan 1, 1981; 5p; In English; In: Joint Automatic Control Conference, June 
17-19, 1981, Charlottesville, VA; See also A82-13076 03-63; Copyright; Avail: Issuing Activity 

The development of numerous methods for automatically diagnosing faults in complex systems leads naturally to the design 
problem of choosing the best method and the best design parameters for a particular system. This paper addresses the problem 
of efficiently evaluating the performance of systems which include automatic fault diagnostics. The analytical methods discussed 
rely on the construction of generalized Markovian models for the evolution of the status of the system. Emphasis is placed on 
evaluating the standard reliability measure of the system, but other performance measures that can be generated are also suggested. 
AIAA 

Complex Systems; Failure Analysis; Fault Trees; Markov Processes; Performance Prediction; Reliability Analysis; System 
Failures 


19830041492 

An analytic method for uncertainty analysis of nonlinear output functions, with applications to fault-tree analysis 

Cox, D. C., Battelle Columbus Laboratories, USA; IEEE Transactions on Reliability; Dec 1, 1982; R-31, pp. Dec. 198; In English; 
p. 465-468 

Contract(s)/Grant(s): NRC-04-76-293-08; Copyright; Avail: Issuing Activity 

An analytic method is developed for the uncertainty analysis of the output of a complex model. The inputs of the model are 
assumed to be s-independent random variables and the model output is given as an analytic though possibly nonlinear function 
of the inputs. A method is formulated for partitioning the variance of the output among contributing causes. The most important 
contributors to the output uncertainty are identified by such a partitioning and therefore it provides an effective way of reducing 
that uncertainty. An example of the use of this method is given by applying it to the uncertainty analysis of fault trees. In addition, 
it is suggested that this method could be applied to large computer codes where output cannot be represented as an analytic function 
of output, although considerable computation would likely be required in such cases for the evaluation of the conditional 
s-expectations. 

AIAA 

Complex Systems; Fault Trees; Nonlinear Systems; Probability Theory 

19850050429 

Boolean difference techniques for time-sequence and common-cause analysis of fault-trees 

Moret, B. M. E., New Mexico, University, USA; Thomason, M. G., Tennessee, University, USA; IEEE Transactions on 
Reliability; Dec 1, 1984; ISSN 0018-9529; R-33, pp. 399-405; In English 
Contract(s)/Grant(s): N0014-78-C-0311; Copyright; Avail: Issuing Activity 

Fault trees are a major model for the analysis of system reliability. In particular, Boolean difference methods applied to fault 
trees provide a widely used measure of subsystem criticality. This paper generalizes the fault-tree model to time-varying systems 
and uses time-dependent Boolean differences to analyze such systems. In particular, suitable partial Boolean differences provide 
maximal and minimal solution sets for sensitization conditions. A method of common-cause failure analysis based on partial 
time-dependent Boolean differences allows the study of failures due to repeated occurrences, at different times, of the same 
phenomenon. Such methods generalize to systems with repair, and under certain assumptions of independence, steady-state 
distributions can be used for the analysis of system faults. These methods are generally useful in reliability and sensitivity analysis. 
AIAA 

Boolean Algebra; Differences; Failure Analysis; Fault Trees; Reliability Analysis 

19900019826 Draper (Charles Stark) Lab., Inc., Cambridge, MA, USA 
Model authoring system for fail safe analysis 

Sikora, Scott E., Draper (Charles Stark) Lab., Inc., USA; Aug 1, 1990; 65p; In English 
Contract(s)/Grant(s): NAS2-12451; RTOP 505-68-27 

Report No.(s): NASA-CR-4317; H-1620; NAS 1.26:4317; Avail: CASI; A04, Hardcopy; A01, Microfiche 

The Model Authoring System is a prototype software application for generating fault tree analyses and failure mode and 
effects analyses for circuit designs. Utilizing established artificial intelligence and expert system techniques, the circuits are 
modeled as a frame-based knowledge base in an expert system shell, which allows the use of object oriented programming and 
an inference engine. The behavior of the circuit is then captured through IF-THEN rules, which then are searched to generate either 
a graphical fault tree analysis or failure modes and effects analysis. Sophisticated authoring techniques allow the circuit to be easily 
modeled, permit its behavior to be quickly defined, and provide abstraction features to deal with complexity. 

CASI 

Artificial Intelligence; Computer Programs; Expert Systems; Fail-Safe Systems; Failure Modes; Flight Control; Knowledge 
Bases (Artificial Intelligence); Object-Oriented Programming 

19980120605 

Fault tree analysis and binary decision diagrams 

Sinnamon, Roslyn M., Loughborough Univ. of Technology, UK; Andrews, John D., Loughborough Univ. of Technology, UK; 
1996, pp. 215-222; In English; Copyright; Avail: Aeroplus Dispatch 

The paper describes the use of a binary decision diagram for fault tree analysis and ways in which it can be efficiently 
implemented on a computer. Results to date show a substantial improvement in computational effort for large complex fault trees 
analyzed by this method in comparison with the traditional approach. The binary decision diagram method has the additional 
advantage that approximations are not required and that exact calculations for the top event parameters can be performed. 
Author (AIAA) 

Fault Trees; Reliability; Industrial Plants; Decision Theory 


19980120607 

Facilitating fault tree preparation and review by applying complementary event logic 

Burkett, Michael A., Allison Engine Co., USA; 1996, pp. 223-228; In English; Copyright; Avail: Aeroplus Dispatch 

This paper describes a simple analysis and documentation procedure which can help ensure the completeness and accuracy 
of fault tree analysis and thus help assure the safety of the corresponding product or system. With this procedure, each layer of 
the fault tree which feeds into an OR gate is structured to comprise a complete theoretical set. This is done, generally, by first 
including the most significant or most obvious failure contributor, and then using complementary event logic to define a second 
failure contributor which includes all possibilities except the one already covered. Fault trees prepared in this way are inherently 
complete and more amenable for review. 

Author (AIAA) 

Fault Trees; Logical Elements; Software Development Tools; Gates (Circuits) 


19980229866 


Yellman, Ted W., Boeing Commercial Airplane Group, USA; 1998, pp. 33-43; In English 
Report No.(s): SAE Paper 981204; Copyright; Avail: Aeroplus Dispatch 

This paper clarifies the concepts of unrelated, related (both cascading/consequential and common-external-cause), 
independent, and dependent, failure pairs, and their connections and their differences. It shows how the possibility of occurrence 
of a related failure pair in a real-life system results in a dependent failure pair in an analysis, and why and how much system safety 
can be degraded as a result. Methods are presented to help assess the degree of safety degradation which the possibility of related 
failure pairs can introduce into a system, so that their impacts can be reduced or even eliminated. The event-sequence analysis 
method is used to illustrate the principles discussed. The paper finishes up with some observations and cautions about using 
fault-tree analysis to assess the safety of systems in which related failure pairs can occur. 

Author (AIAA) 
19980236501 Army Research Lab., Human Research and Engineering Directorate, Aberdeen Proving Ground, MD USA 
Fault Tree Analysis of Bradley Linebacker Final Report, Jun. - Sep. 1996 
Jul. 1998; 47p; In English 

Report No.(s): AD-A352536; ARL-TR-1716; No Copyright; Avail: CASI; A03, Hardcopy; A01, Microfiche 

This report presents a version of the degraded states (DS) methodology, concentrating on the logic used within fault trees. 
This methodology was the basis for the system analysis conducted on the Bradley Linebacker. This methodology and analysis 
were documented within the System Analysis Report (SAR) of J. F. Meyers, B. G. Ruth, and R. W. Kunkel entitled, 
“Survivability/Lethality Analysis Report for the Bradley Linebacker,” from the U.S. Army Research Laboratory, Aberdeen 
Proving Ground, MD in October 1996, in support of the U.S. Army Operational Evaluation Command (OEC) in the preparation 
of the System Evaluation Report (SER). The Bradley Linebacker is an enhancement to the Bradley Fighting Vehicle (M2A2) with 
the ability to select targets, automatically track targets, and launch Stinger missiles. This is the first integrated system performed 
on any system where synergy of different battlefield threats was considered. 
19990064882 

Implicit method for incorporating common-cause failures in system analysis 

Vaurio, Jussi K., Lappeenranta Univ. of Technology, Finland; IEEE Transactions on Reliability; Jun, 1998; ISSN 0018-9529; 
Volume 47, no. 2, pp. 173-180; In English; Copyright; Avail: Issuing Activity 

A general procedure incorporates common-cause (CC) failures into system analysis by an implicit method; i.e., after first 
solving the system probability equation without CC failures. Components of subsets are assumed to be equally vulnerable to CC 
of any particular multiplicity. The method allows for age-dependent hazard rates, repairable & non-repairable components, 
systems with multiple CC groups, and systems where not all components are statistically-identical or subject to CC failures. Key 
equations are given both for reliability block-diagrams and fault-trees (success and failure models), considering the system 
reliability, availability, and failure intensity functions. Initial failures and certain human errors are included, mainly for 
standby-system applications. The implicit method can dramatically simplify the Boolean manipulation and quantification of fault 
trees. Possible limitations & extensions are discussed. 

Author (EI) 

Systems Analysis; Probability Theory; Computation; Statistical Analysis 
ATOMIC AND MOLECULAR PHYSICS 


Includes atomic and molecular structure, electron properties, and atomic and molecular spectra. For elementary particle physics see 
73 Nuclear Physics. 

19690026587 Douglas United Nuclear, Inc., Richland, WA, USA 

Computer program for fault tree analysis 

Crosetti, P. A., Douglas United Nuclear, Inc., USA; Apr 1, 1969; 29p; In English 
Report No.(s): DUN-5508; Avail: CASI; A03, Hardcopy; A01, Microfiche 
Computer program for fault tree analysis on critical reactor systems 
CASI 

Computer Programs; Critical Mass; Failure Analysis; Reactor Safety 

19990101080 

Fuzzy FTA: A fuzzy fault tree system for uncertainty analysis 

Guimarães, Antonio C. F., Nuclear Energy Natl. Commission, Brazil; Ebecken, Nelson F. F.; Annals of Nuclear Energy; Apr, 
1999; ISSN 0306-4549; Volume 26, no. 6, pp. 523-532; In English; Copyright; Avail: Issuing Activity 

This paper describes a new approach and new computational system, FuzzyFTA, for reliability analysis using fault tree and 
fuzzy logic. Some measures are defined to determine critical components and the uncertainty contribution of each one to the 
system. The FuzzyFTA system includes algorithms to consider the minimal cut set approach for the top event calculation. After 
that, these algorithms are used to determine importance measures. The computer code application is the Auxiliary Feedwater 
System (AFWS) analysis, a recent study made for Angra-I, Brazilian NPP. 

Author (EI) 

Fuzzy Sets; Reliability; Algorithms 
NUCLEAR PHYSICS 

Includes nuclear particles; and reactor theory. For space radiation see 93 Space Radiation. For atomic and molecular physics see 12 
Atomic and Molecular Physics. For elementary particle physics see 77 Physics of Elementary Particles and Fields. For nuclear 
astrophysics see 90 Astrophysics. 

19780017927 Addis Translations International, Portola Valley, CA, USA 

Evaluation of the safety of storing radioactive wastes in geological formations: A preliminary application of the fault tree 
analysis to salt formations 

Bertozzi, G., Addis Translations International, USA; Dalessandro, M., Addis Translations International, USA; Girardi, F., Addis 
Translations International, USA; Vanossi, M., Addis Translations International, USA; Oct 24, 1977; 23p; Transl. into ENGLISH 
from French Report; In English; Workshop on Risk Analysis and Geol. Modelling, 23 May 1977, Ispra, Italy 
Report No.(s): BNWL-TR-272; CONF-770565-2; Avail: CASI; A03, Hardcopy; A01, Microfiche 

Two imaginary formations were selected: salt bed and salt dome. Hypotheses on their stratigraphic, hydrologic, and geomorphologic 
conditions were made. Fault tree analysis was used on the various groups of phenomena which could cause the geological 
barrier to fail. The types of failures and their probabilities were evaluated on the basis of four time periods (10(sup 3), 10(sup 4), 10(sup 5), 10(sup 6) years). 
ERA 

Failure Analysis; Geochemistry; Landforms; Radioactive Wastes; Safety Factors; Sodium Chlorides; Structural Properties 
19990010531 

Fault-tree analysis of criticality in a pulsed column of a typical reprocessing facility 

Nomura, Yasushi, Japan Atomic Energy Research Inst., Japan; Naito, Yoshitaka; Nuclear Technology; Jan, 1998; ISSN 
0029-5450; Volume 121, no. 1, pp. 3-13; In English; Copyright; Avail: Issuing Activity 

Scenario identification, preparation of reliability data, and fault-tree construction were conducted for a criticality in a pulsed 
column of a typical model of a reprocessing facility to find a weak link in the system. The plant system data, the basic reliability 
data with the fault-tree analysis code FIL, were supplied from NUKEM GmbH, Germany. In this exercise, a low nitric acid 
concentration in the scrub flow to the pulsed column is initiated by failures of the reagent preparation system of the primary separation 
cycle, triggering plutonium accumulation, eventually exceeding the safety limit of the scrub column, and thus a criticality accident 
occurs. The occurrence frequency was evaluated to be 2.2 x 10(sup -5)/yr for this most conservative case of the accident scenario. 
The main contributor was investigated by the fault-tree branch analysis and identified to be human error relating to the sampling 
measurement for fresh nitric acid scrub feed. Because 2.2 x 10(sup -5)/yr is quite a high value in comparison with the generally 
accepted 10(sup -6)/yr, Monte Carlo uncertainty analysis assuming an error factor of 5 for each of the reliability data was conducted 
to predict a 90% confidence range of 1.9 x 10(sup -6)/yr to 8.25 x 10(sup -5)/yr. In addition, there might be unforeseen equipment 
failures related to the same criticality scenario. The additional analysis and discussion lead to the recommendation to adopt shape 
and dimension control in the design stage for the whole range of plutonium concentrations from a criticality safety point of view. 
Author (EI) 

Fault Trees; Nuclear Fission; Nuclear Reactors; Nuclear Fuel Reprocessing; Failure Analysis; Accidents 

19990100587 

Application of fault detection and identification (FDI) techniques in power regulating systems of nuclear reactors 

Roy, K., Bhabha Atomic Research Cent., India; Banavar, R. N.; Thangasamy, S.; IEEE Transactions on Nuclear Science; Dec, 
1998; ISSN 0018-9499; Volume 45, no. 6 pt 3, pp. 3184-3201; In English; Copyright; Avail: Issuing Activity 

Application of failure detection and identification (FDI) algorithms has essentially been limited to identification of a global
fault in the system, and no further attempts have been made to locate subcomponent faults for root cause analysis. This paper 
presents Kalman filter-based methods for FDI in power regulating systems of nuclear reactors. The attempt here is to explain how 
the behavior of the states, residues, and covariances can be interpreted to identify subcomponent faults. An alternative to the 
Kalman filter - the risk-sensitive filter - is also introduced. Comparison of its performance with the Kalman filter-based FDI 
algorithms is studied. All simulation studies have been carried out on postulated faults in the power regulating system of heavy 
water moderated, low pressure vertical tank-type research reactors. 

Author (EI)

Algorithms; Kalman Filters; Assessments; Risk; Safety; Valves 
ADMINISTRATION AND MANAGEMENT

Includes management planning and research. 

19790030391 

Problems in contracting for system safety 

Rackley, F. E.; Femon, G. H., General Dynamics Corp., USA; Jan 1, 1977; 4p; In English; 15th; SAFE Association, Annual 
Symposium, December 5-8, 1977, Las Vegas, NV; See also A79-14401 03-03; Copyright; Avail: Issuing Activity

Fault tree analysis is the method used for system hazard analysis, for assessing the safety level of the development aircraft 
and for predicting the safety level of the production aircraft at maturity. Source data for the fault tree logic diagrams are 
accumulated with the Subsystem Hazard Analysis (SSHA) program. Hazard analysis data are purchased from subcontractors. The 
Preliminary Hazard Analysis (PHA) identifies hazards in equipment and the Operating Hazard Analysis (OHA) identifies hazards 
in software and written instructions. One of the problems encountered in contracting for system safety is related to the failure of 
some subcontractors to properly identify ’command’ failures. Another problem is connected with the failure to identify all part 
failure modes. 

AIAA 

Aircraft Safety; Contract Management; Flight Hazards; Safety Management 

89 ASTRONOMY

Includes observations of celestial bodies, astronomical instruments and techniques; radio, gamma-ray, x-ray, ultraviolet, and infrared 
astronomy; and astrometry. 

19920008654 NASA, Washington, DC, USA 

Hubble Space Telescope; SRM/QA observations and lessons learned 

Rodney, George A., NASA, USA; Jan 1, 1990; 27p; In English 

Report No.(s): NASA-TM-105505; NAS 1.15:105505; Avail: CASI; A03, Hardcopy; A01, Microfiche

The Hubble Space Telescope (HST) Optical Systems Board of Investigation was established on July 2, 1990 to review,
analyze, and evaluate the facts and circumstances regarding the manufacture, development, and testing of the HST Optical
Telescope Assembly (OTA). Specifically, the board was tasked to ascertain what caused the spherical aberration and how it 
escaped notice until on-orbit operation. The error that caused the on-orbit spherical aberration in the primary mirror was traced 
to the assembly process of the Reflective Null Corrector, one of the three Null Correctors developed as special test equipment 
(STE) to measure and test the primary mirror. Therefore, the safety, reliability, maintainability, and quality assurance (SRM&QA) 
investigation covers the events and the overall product assurance environment during the manufacturing phase of the primary 
mirror and Null Correctors (from 1978 through 1981). The SRM&QA issues that were identified during the HST investigation 
are summarized. The crucial product assurance requirements (including nonconformance processing) for the HST are examined. 
The history of Quality Assurance (QA) practices at Perkin-Elmer (P-E) for the period under investigation is reviewed. The
importance of the information management function is discussed relative to data retention/control issues. Metrology and other 
critical technical issues also are discussed. The SRM&QA lessons learned from the investigation are presented along with specific 
recommendations. Appendix A provides the MSFC SRM&QA report. Appendix B provides supplemental reference materials. 
Appendix C presents the findings of the independent optical consultants, Optical Research Associates (ORA). Appendix D
provides further details of the fault-tree analysis portion of the investigation process. 

CASI 

Aberration; Error Analysis; Hubble Space Telescope; Manufacturing; Mirrors; Quality Control 
GENERAL

Includes aeronautical, astronautical, and space science related histories, biographies, and pertinent reports too broad for
categorization; histories or broad overviews of NASA programs such as Apollo, Gemini, and Mercury spacecraft, Earth Resources 
Technology Satellite (ERTS), and Skylab; NASA appropriations hearings. 

19710052620 

Status of failure /hazard/ mode and effect analysis, fault tree analysis, and prediction, apportionment and assessment

Grose, V. L.; Jan 1, 1971; 9p; In English; 10TH; RELIABILITY AND MAINTAINABILITY CONFERENCE, JUN. 27-30, 1971, 
ANAHEIM, CA; CONFERENCE SPONSORED BY THE AMERICAN SOCIETY OF MECHANICAL ENGINEERS, THE 
SOCIETY OF AUTOMOTIVE ENGINEERS, AND THE AMERICAN INST. OF AERONAUTICS AND ASTRONAUTICS.; 
Copyright; Avail: Issuing Activity 

Fault tree, failure mode and effect analysis, prediction apportionment and assessment, discussing system effectiveness 
AIAA 

Failure Analysis; Failure Modes; Performance Prediction; System Effectiveness; Trees (Mathematics) 

19720065841 Texas A&M Univ., Dept. of Industrial Engineering, College Station, TX, USA
A computer algorithm for fault-tree analysis Final 
Cannon, J. A., Texas A&M Univ., USA; Dec 1, 1970; 72p; In English 
Report No.(s): AD-738977; Avail: CASI; A04, Hardcopy, Microfiche
No abstract. 

Algorithms; Error Analysis; Trees (Mathematics) 

19740076158 Picatinny Arsenal, Dover, NJ, USA 

Fault tree analysis 

Larsen, W. F., Picatinny Arsenal, USA; Jan 1, 1974; 73p; In English 
Report No.(s): AD-774843; PA-TR-4556; Avail: CASI; A04, Hardcopy, Microfiche
No abstract. 

Boolean Algebra; Failure Analysis; Ordnance; Probability Theory; Systems Analysis 

19770068969 California Univ., Berkeley. Lawrence Berkeley Lab, CA, USA 
Fault tree analysis programs available on the 7600/6600 computers 

Mcgibbon, A., California Univ., USA; Feb 7, 1973; 40p; In English; Sponsored by ERDA 
Report No.(s): TID-26994; Avail: CASI; A03, Hardcopy, Microfiche 
No abstract. 

CDC 6600 Computer; CDC 7600 Computer; Trees (Mathematics) 